Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oscommerce oscommerce vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-5111
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web br...
Oscommerce Oscommerce 4.12.56860
NA
CVE-2023-5112
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "specials_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web br...
Oscommerce Oscommerce 4.12.56860
6.5
CVSSv2
CVE-2018-18572
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn...
Oscommerce Oscommerce 2.3.4.1
6.5
CVSSv2
CVE-2018-18573
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /ca...
Oscommerce Oscommerce 2.3.4.1
7.5
CVSSv2
CVE-2011-4543
Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) OM/Core/Site/Admin/Application/templates_modules/pages/info.php, (b) OM/Core...
Oscommerce Oscommerce 3.0.2
7.5
CVSSv2
CVE-2004-2638
The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote malicious users to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.
Oscommerce Oscommerce 1.5.1
3.5
CVSSv2
CVE-2020-29070
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
Oscommerce Oscommerce 2.3.4.1
1 Github repository
5
CVSSv2
CVE-2005-2330
Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote malicious users to read arbitrary files via (1) .. sequences or (2) a full pathname in the readme_file parameter.
Oscommerce Oscommerce 2.2 Ms2
1 EDB exploit
NA
CVE-2023-43727
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "stock_indication_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web...
Oscommerce Oscommerce 4.12.56860
NA
CVE-2023-43728
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "stock_delivery_terms_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's...
Oscommerce Oscommerce 4.12.56860
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »