Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oscommerce oscommerce vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-12058
Several XSS vulnerabilities in osCommerce CE Phoenix prior to 1.0.6.0 allow an malicious user to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php, catalog...
Oscommerce Ce Phoenix 1.0.6.0
383
VMScore
CVE-2012-2935
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote malicious users to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-...
Oscommerce Online Merchant 2.2
Oscommerce Online Merchant 2.3.1
Oscommerce Online Merchant
Oscommerce Online Merchant 2.3.0
383
VMScore
CVE-2012-0311
Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Oscommerce Oscommerce 2.2ms1j-r2
Oscommerce Oscommerce 2.2ms1j-r5
Oscommerce Oscommerce 2.2ms1j-r6a
Oscommerce Oscommerce 2.2ms1j-r3
Oscommerce Oscommerce 2.2ms1j-r7
Oscommerce Oscommerce 2.2ms1j-r8
Oscommerce Oscommerce 2.2ms1j-r1
Oscommerce Oscommerce 2.2ms1j-r4
383
VMScore
CVE-2012-0312
Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant prior to 2.3.1, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Oscommerce Online Merchant 2.2
Oscommerce Online Merchant
Oscommerce Oscommerce 2.2ms1j-r2
Oscommerce Oscommerce 2.2ms1j-r5
Oscommerce Oscommerce 2.2ms1j-r6a
Oscommerce Oscommerce 2.2ms1j-r3
Oscommerce Oscommerce 2.2ms1j-r7
Oscommerce Oscommerce 2.2ms1j-r8
Oscommerce Oscommerce 2.2ms1j-r1
Oscommerce Oscommerce 2.2ms1j-r4
383
VMScore
CVE-2006-6534
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote malicious users to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID parameter to a...
Oscommerce Oscommerce 3.0a3
383
VMScore
CVE-2005-0458
Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote malicious users to inject arbitrary web script or HTML via the enquiry parameter.
Oscommerce Oscommerce 2.2 Ms2
357
VMScore
CVE-2018-18964
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in which contained HTML can be executed, such as the svg extension.
Oscommerce Online Merchant 2.3.4.1
357
VMScore
CVE-2018-18965
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases in which HTML can be executed, such as a file with no extensi...
Oscommerce Online Merchant 2.3.4.1
357
VMScore
CVE-2018-18966
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer render HTML elements in a .eml file.
Oscommerce Online Merchant 2.3.4.1
356
VMScore
CVE-2015-2965
Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and previous versions allows remote authenticated administrators to read arbitrary files via unspecified vectors.
Oscommerce Oscommerce
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »