Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oscommerce vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-4170
create_account.php in osCommerce 2.2 RC 2a allows remote malicious users to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message.
Oscommerce Oscommerce 2.2
NA
CVE-2005-2330
Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote malicious users to read arbitrary files via (1) .. sequences or (2) a full pathname in the readme_file parameter.
Oscommerce Oscommerce 2.2 Ms2
1 EDB exploit
7.2
CVSSv3
CVE-2018-18572
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn...
Oscommerce Oscommerce 2.3.4.1
6.1
CVSSv3
CVE-2023-6296
A vulnerability was found in osCommerce 4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /catalog/compare of the component Instant Message Handler. The manipulation of the argument compare with the input 40dz4iq"><sc...
Oscommerce Oscommerce 4.0
9.8
CVSSv3
CVE-2023-6579
A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads ...
Oscommerce Oscommerce 4.0
NA
CVE-2011-3767
osCommerce 3.0a5 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by redirect.php.
Oscommerce Oscommerce 3.0a5
6.1
CVSSv3
CVE-2023-6609
A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the argument keywords with the input %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%2...
Oscommerce Oscommerce 4.0
5.4
CVSSv3
CVE-2023-43710
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "configuration_title[1][MODULE_SHIPPING_PERCENT_TEXT_TITLE]" parameter, potentially leading to unauthorized execution o...
Oscommerce Oscommerce 4.12.56860
5.4
CVSSv3
CVE-2023-43723
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "orders_status_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web br...
Oscommerce Oscommerce 4.12.56860
5.4
CVSSv3
CVE-2023-43733
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "company_address" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Oscommerce Oscommerce 4.12.56860
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »