CVE-2023-6296 | osCommerce 4 Instant Message /catalog/compare cross site scripting

A vulnerability was found in osCommerce 4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /catalog/compare of the component Instant Message Handler. The manipulation of the argument compare with the input 40dz4iq"><script>alert(1)</script>zohkx leads to cross site scripting.

This vulnerability is handled as CVE-2023-6296. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-6296 | osCommerce 4 Instant Message /catalog/compare cross site scripting

Post correlati

CVE-2024-40833 | Apple iOS/iPadOS Shortcut access control

CVE-2024-8418 | Aardvark-dns 1.12.0/1.12.1 TCP Query denial of service

CVE-2023-51363 | Buffalo VR-S1000 up to 2.37 Web Management Page information disclosure

CVE-2024-7919 | Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805 GetDataList access control