Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oscommerce oscommerce - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-43702
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Oscommerce Oscommerce 4.12.56860
NA
CVE-2023-43703
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "product_info[][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web bro...
Oscommerce Oscommerce 4.12.56860
NA
CVE-2023-43711
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "admin_firstname" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Oscommerce Oscommerce 4.12.56860
668
VMScore
CVE-2011-4543
Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) OM/Core/Site/Admin/Application/templates_modules/pages/info.php, (b) OM/Core...
Oscommerce Oscommerce 3.0.2
668
VMScore
CVE-2020-23360
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php
Oscommerce Oscommerce 2.3.4.1
755
VMScore
CVE-2002-1991
PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php.
Oscommerce Oscommerce 2.1
1 EDB exploit
755
VMScore
CVE-2002-2019
PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote malicious users to execute arbitrary PHP code via the include_file parameter.
Oscommerce Oscommerce 2.1
1 EDB exploit
383
VMScore
CVE-2006-6534
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote malicious users to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID parameter to a...
Oscommerce Oscommerce 3.0a3
580
VMScore
CVE-2018-18572
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn...
Oscommerce Oscommerce 2.3.4.1
578
VMScore
CVE-2018-18573
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /ca...
Oscommerce Oscommerce 2.3.4.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »