
Test ID: 1.3.6.1.4.1.25623.1.0.11958
Category: Web application abuses
Title: osCommerce Malformed Session ID XSS Vulnerability
Summary: osCommerce is vulnerable to an XSS flaw. The flaw can be exploited when a malicious user passes a malformed session ID in the URI.
Description:

Solution:
Update to osCommerce 2.2 Milestone 3 or later, which will redirect the user to the index page when a malformed session ID is used, so that a new session ID can be generated.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2003-1219
BugTraq ID: 9238
http://www.securityfocus.com/bid/9238
Bugtraq: 20031217 osCommerce Malformed Session ID XSS Vuln
http://www.securityfocus.com/archive/1/347831
http://osdir.com/ml/web.oscommerce.cvs/2003-12/msg00024.html

Copyright: Copyright (C) 2003 Noam Rathaus
