Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oscommerce oscommerce vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2020-27976
osCommerce Phoenix CE prior to 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option.
Oscommerce Oscommerce
2.6
CVSSv2
CVE-2012-1792
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote malicious users to inject arbitrary web script or HTML via the name parameter to ...
Oscommerce Online Merchant
Oscommerce Online Merchant 2.3.0
Oscommerce Online Merchant 2.2
Oscommerce Online Merchant 2.3.1
4.3
CVSSv2
CVE-2012-2935
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote malicious users to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-...
Oscommerce Online Merchant 2.3.0
Oscommerce Online Merchant 2.2
Oscommerce Online Merchant 2.3.1
Oscommerce Online Merchant
NA
CVE-2023-6296
A vulnerability was found in osCommerce 4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /catalog/compare of the component Instant Message Handler. The manipulation of the argument compare with the input 40dz4iq"><sc...
Oscommerce Oscommerce 4.0
NA
CVE-2023-6579
A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads ...
Oscommerce Oscommerce 4.0
NA
CVE-2023-6609
A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the argument keywords with the input %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%2...
Oscommerce Oscommerce 4.0
5
CVSSv2
CVE-2005-2330
Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote malicious users to read arbitrary files via (1) .. sequences or (2) a full pathname in the readme_file parameter.
Oscommerce Oscommerce 2.2 Ms2
1 EDB exploit
NA
CVE-2023-5111
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web br...
Oscommerce Oscommerce 4.12.56860
NA
CVE-2023-5112
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "specials_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web br...
Oscommerce Oscommerce 4.12.56860
NA
CVE-2023-43702
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Oscommerce Oscommerce 4.12.56860
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »