Security Advisory

CVE-2020-12058

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-09-03 13:09:48
Last updated 2024-08-04 11:48:57
Assigner mitre
State PUBLISHED

Description

Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php, catalog/admin/languages.php, catalog/admin/countries.php, catalog/admin/tax_classes.php, catalog/admin/reviews.php, or catalog/admin/zones.php; or the zpage or spage parameter to catalog/admin/geo_zones.php.
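A log check built from the endpoint and parameter list above, as an added example that is not part of the advisory or of osCommerce: it flags requests to the affected admin scripts whose page, zpage or spage value is not a plain number. It assumes combined-format access logs, the catalog/admin path as written in the description, and that these parameters normally carry only a pagination number; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts and parameters named in the CVE-2020-12058 description.
AFFECTED = {name: ("page",) for name in (
    "order_status.php", "tax_rates.php", "languages.php", "countries.php",
    "tax_classes.php", "reviews.php", "zones.php")}
AFFECTED["geo_zones.php"] = ("zpage", "spage")

# Assumption: request field as in combined log format, "METHOD /path?query HTTP/x".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_RE = re.compile(r"[0-9]+")

def suspicious_params(log_line):
    """Return [(script, param, decoded_value)] for affected parameters that are not digits."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    head, _, script = url.path.rpartition("/")
    # Assumption: the admin directory keeps the catalog/admin path from the advisory.
    if not head.endswith("catalog/admin") or script not in AFFECTED:
        return []
    # parse_qs percent-decodes values, so encoded markup is compared in decoded form.
    query = parse_qs(url.query)
    hits = []
    for param in AFFECTED[script]:
        for value in query.get(param, []):
            # Assumption: a legitimate value is a pagination number only.
            if not NUMERIC_RE.fullmatch(value):
                hits.append((script, param, value))
    return hits

# Constructed sample lines (documentation IP range, harmless markup as the marker).
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Sep/2020:13:09:48 +0000] "GET /catalog/admin/tax_rates.php?page=2 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [03/Sep/2020:13:10:02 +0000] "GET /catalog/admin/tax_rates.php?page=1%22%3E%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5188',
    '198.51.100.7 - - [03/Sep/2020:13:10:30 +0000] "GET /catalog/admin/geo_zones.php?zpage=1&spage=%3Ci%3Ey HTTP/1.1" 200 4090',
    '198.51.100.7 - - [03/Sep/2020:13:11:05 +0000] "GET /catalog/product_info.php?page=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for script, param, value in suspicious_params(line):
            print(f"{script}: {param}={value!r}")
```

Only values carried in the URL are visible to this check; parameters sent in a POST body do not appear in access logs.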