Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

• S9 – Sabotage of System/App

EPSS

Score: 0.04248
Percentile: 0.88317

CVSS Scoring

Affected Products

• cpe:2.3:a:oscommerce:oscommerce:2.1:*:*:*:*:*:*:*
• cpe:2.3:a:oscommerce:oscommerce:2.2_cvs:*:*:*:*:*:*:*
• cpe:2.3:a:oscommerce:oscommerce:2.2_ms1:*:*:*:*:*:*:*
• cpe:2.3:a:oscommerce:oscommerce:2.2_ms2:*:*:*:*:*:*:*

← Back to Home