Family: CGI abuses : XSS --> Category: attack
osCommerce Multiple HTTP Response Splitting Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple HTTP response splitting vulnerabilities in osCommerce
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is susceptible
to multiple HTTP response splitting attacks.
The remote host is running osCommerce, an open-source e-commerce
The version of osCommerce on the remote host suffers from multiple
HTTP response splitting vulnerabilities due to its failure to sanitize
user-supplied input to various parameters of the
'includes/application_top.php' script, the 'goto' parameter of the
'banner.php' script, and possibly others. An attacker can exploit these
flaws to inject malicious text into HTTP headers, possibly resulting
in the theft of session identifiers and/or misrepresentation of the
See also :
Unknown at this time.
Low / CVSS Base Score : 2