osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer render HTML elements in a .eml file.
2018-11-06T04:29:00.317
2024-11-21T03:56:57.797
Modified
CVSSv3.0: 4.9 (MEDIUM)
AV:N/AC:L/Au:S/C:N/I:P/A:N
8.0
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | oscommerce | online_merchant | 2.3.4.1 | Yes |
Application | microsoft | internet_explorer | - | No |