Description
Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (3.9.1)
WordPress Plugin Search Exclude Security Bypass (1.2.2)
WordPress Plugin Stockists Manager for Woocommerce Cross-Site Request Forgery (1.0.2.1)
WordPress Plugin Facebook With Login Multiple Vulnerabilities (1.0)