CVE - CVE-2012-1664

CVE-ID
CVE-2012-1664	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4) cPath parameter to admin/new_attributes_include.php; (5) sb_id, (6) sb_key, (7) gc_id, (8) gc_key, or (9) path parameter to admin/htaccess.php; (10) title parameter to admin/information_form.php; (11) search parameter to admin/xsell.php; (12) gross or (13) max parameter to admin/stats_products_purchased.php; (14) status parameter to admin/stats_monthly_sales.php; (15) sorted parameter to admin/stats_customers.php; (16) information_id parameter to /admin/information_manager.php; or (17) zID parameter to /admin/geo_zones.php.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20120404 Multiple vulnerabilities in osCmax URL:http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html CONFIRM:http://bugtrack.oscmax.com/view.php?id=1165 CONFIRM:http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update MISC:https://www.htbridge.com/advisory/HTB23081 OSVDB:80903 URL:~~http://www.osvdb.org/80903~~ (Obsolete source) OSVDB:80904 URL:~~http://www.osvdb.org/80904~~ (Obsolete source) OSVDB:80905 URL:~~http://www.osvdb.org/80905~~ (Obsolete source) OSVDB:80906 URL:~~http://www.osvdb.org/80906~~ (Obsolete source) OSVDB:80907 URL:~~http://www.osvdb.org/80907~~ (Obsolete source) OSVDB:80908 URL:~~http://www.osvdb.org/80908~~ (Obsolete source) OSVDB:80909 URL:~~http://www.osvdb.org/80909~~ (Obsolete source) OSVDB:80910 URL:~~http://www.osvdb.org/80910~~ (Obsolete source) OSVDB:80911 URL:~~http://www.osvdb.org/80911~~ (Obsolete source) OSVDB:80912 URL:~~http://www.osvdb.org/80912~~ (Obsolete source)
Assigning CNA
MITRE Corporation
Date Record Created
20120314	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120314)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)