This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.
The remote host has a PHP script that is affected by a cross-site
The installed version of OSCommerce is vulnerable to a cross-site
scripting (XSS) attack. An attacker, exploiting this flaw, would need
to be able to coerce an unsuspecting user into visiting a malicious
website. Upon successful exploitation, the attacker would potentially
be able to steal credentials or execute browser-side code.
Unknown at this time.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.3
Public Exploit Available : true