CVE

Id
55035  
CVE No.
CVE-2012-1792  
Status
Candidate  
Description
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, which is not properly handled in an error message. NOTE: this might not be a vulnerability, since the ability to access oscommerce/index.php during installation may already imply administrator privileges.  
Phase
Assigned (20120319)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
26150 JVNDB-2012-001857 IBM DB2 における詳細不明な脆弱性 IBM DB2 は、nodes.reg に対する誰でも書き込みできる権限 (world-writable permissions) を用いることで、詳細不明な影響を受ける脆弱性が存在します。 CVE-2012-1797 55035 10 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001857.html  View