Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oscommerce oscommerce vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-29070
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
Oscommerce Oscommerce 2.3.4.1
1 Github repository
2.6
CVSSv2
CVE-2012-1792
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote malicious users to inject arbitrary web script or HTML via the name parameter to ...
Oscommerce Online Merchant
Oscommerce Online Merchant 2.3.0
Oscommerce Online Merchant 2.2
Oscommerce Online Merchant 2.3.1
NA
CVE-2024-4348
A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. The exploit has be...
NA
CVE-2024-22724
An issue exists in osCommerce v4, allows local malicious users to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature.
NA
CVE-2023-6609
A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the argument keywords with the input %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%2...
Oscommerce Oscommerce 4.0
NA
CVE-2023-6579
A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads ...
Oscommerce Oscommerce 4.0
NA
CVE-2023-6296
A vulnerability was found in osCommerce 4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /catalog/compare of the component Instant Message Handler. The manipulation of the argument compare with the input 40dz4iq"><sc...
Oscommerce Oscommerce 4.0
NA
CVE-2023-5111
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web br...
Oscommerce Oscommerce 4.12.56860
NA
CVE-2023-5112
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "specials_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web br...
Oscommerce Oscommerce 4.12.56860
NA
CVE-2023-43732
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "tax_class_title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Oscommerce Oscommerce 4.12.56860
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »