osCommerce is an online shop e-commerce solution under ongoing development by the open
source community. Its feature-packed out-of-the-box installation allows store owners to
set up, run, and maintain their online stores with minimum effort and with absolutely no
costs or license fees involved.
osCommerce is vulnerable to a cross-site scripting (XSS) flaw. The flaw can be exploited
when a malicious user passes a malformed session ID in the URI. Below is an example of the flaw.