Description
A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262488. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
No history.
Subscriptions
No data.
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2024-08-01T20:40:46.523Z
Reserved: 2024-04-30T14:14:08.150Z
Link: CVE-2024-4348
Updated: 2024-08-01T20:40:46.523Z
Status : Deferred
Published: 2024-04-30T22:15:07.870
Modified: 2026-06-17T08:01:43.320
Link: CVE-2024-4348
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')