Description
Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin xPinner Lite Multiple Vulnerabilities (2.2)
MySQL CVE-2021-2304 Vulnerability (CVE-2021-2304)
WordPress Plugin WooCommerce Anti-Fraud Security Bypass (3.2)
WordPress Plugin Responsive Lightbox by dFactory Cross-Site Scripting (1.4.11)
WordPress Plugin SEO Backlinks Cross-Site Request Forgery (4.0.1)