Security experts at Trend Micro have identified a security flaw in osCommerce that has been used by criminals to gain banking information from cardholders who view the site.

This vulnerability allows code to be injected into the site. This code add iframes to multiple pages on the site which, through multiple redirects, attempts to breach the cardholders security using 4 known vulnerabilities in old versions of software that they *may* have installed on their system.