CVE-2012-0312

Published Jan 26, 2012

Last updated 13 years ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oscommerce:online_merchant:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20D53127-4205-485C-945E-586370018655",
            "versionEndIncluding": "2.3.0"
          },
          {
            "criteria": "cpe:2.3:a:oscommerce:online_merchant:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C304E88C-9904-4DAE-BE7B-7E450574F0EB"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E53D1E7-9BFA-435A-AB36-A7ABFD3AB63C"
          },
          {
            "criteria": "cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDBD697D-E050-4D58-A27C-48D01AC0592C"
          },
          {
            "criteria": "cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F01F02FF-7A98-4CBD-92D0-386D6CA69217"
          },
          {
            "criteria": "cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC20F4CC-6ACA-4D43-9167-C23B8E4FB88D"
          },
          {
            "criteria": "cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA99DEF7-0D1D-46C9-AC1B-2E09A4698F8F"
          },
          {
            "criteria": "cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r6a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "762AC6E1-C899-407D-AD51-92F1C5E6372F"
          },
          {
            "criteria": "cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E46EE91F-57C2-4907-B1E0-31EE9876B24E"
          },
          {
            "criteria": "cpe:2.3:a:oscommerce:oscommerce:2.2ms1j-r8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D73BEAB5-4E0D-47A2-8852-CA7C5535B385"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References