CVE-2012-1664

EPSS 2.9%

Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4) cPath parameter to admin/new_attributes_include.php; (5) sb_id, (6) sb_key, (7) gc_id, (8) gc_key, or (9) path parameter to admin/htaccess.php; (10) title parameter to admin/information_form.php; (11) search parameter to admin/xsell.php; (12) gross or (13) max parameter to admin/stats_products_purchased.php; (14) status parameter to admin/stats_monthly_sales.php; (15) sorted parameter to admin/stats_customers.php; (16) information_id parameter to /admin/information_manager.php; or (17) zID parameter to /admin/geo_zones.php.

Affected products

n/a · n/a

public PoCs found — 9

exploitdbwww.exploit-db.com/exploits/37045unverified exploitdbwww.exploit-db.com/exploits/37039unverified exploitdbwww.exploit-db.com/exploits/37044unverified exploitdbwww.exploit-db.com/exploits/37038unverified exploitdbwww.exploit-db.com/exploits/37046unverified exploitdbwww.exploit-db.com/exploits/37043unverified exploitdbwww.exploit-db.com/exploits/37042unverified exploitdbwww.exploit-db.com/exploits/37041unverified exploitdbwww.exploit-db.com/exploits/37040unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html http://bugtrack.oscmax.com/view.php?id=1165 https://www.htbridge.com/advisory/HTB23081 http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update http://www.osvdb.org/80903 http://www.osvdb.org/80904 http://www.osvdb.org/80905 http://www.osvdb.org/80906 http://www.osvdb.org/80907 http://www.osvdb.org/80908 http://www.osvdb.org/80909 http://www.osvdb.org/80910