CVE-2012-1059

Name of the Vulnerable Software and Affected Versions OSCommerce Online Merchant version 3.0.2

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the value title parameter. This can be demonstrated using the "Front" field in the shirt module.

Recommendations For OSCommerce Online Merchant version 3.0.2, avoid using the value title parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the main.php page in the osCommerce/OM/Core/Site/Shop/Application/Cart/pages directory to minimize the risk of exploitation.