Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oscommerce vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-43733
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "company_address" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Oscommerce Oscommerce 4.12.56860
NA
CVE-2023-43734
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Oscommerce Oscommerce 4.12.56860
NA
CVE-2023-43735
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "formats_titles[7]" parameter, potentially leading to unauthorized execution of scripts within a user's web browse...
Oscommerce Oscommerce 4.12.56860
445
VMScore
CVE-2008-4170
create_account.php in osCommerce 2.2 RC 2a allows remote malicious users to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message.
Oscommerce Oscommerce 2.2
383
VMScore
CVE-2005-0458
Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote malicious users to inject arbitrary web script or HTML via the enquiry parameter.
Oscommerce Oscommerce 2.2 Ms2
NA
CVE-2023-5111
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web br...
Oscommerce Oscommerce 4.12.56860
534
VMScore
CVE-2009-0408
Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC 2a allows remote malicious users to hijack the authentication of administrators.
Oscommerce Oscommerce 2.2
668
VMScore
CVE-2020-23360
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php
Oscommerce Oscommerce 2.3.4.1
668
VMScore
CVE-2011-4543
Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) OM/Core/Site/Admin/Application/templates_modules/pages/info.php, (b) OM/Core...
Oscommerce Oscommerce 3.0.2
755
VMScore
CVE-2002-2019
PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote malicious users to execute arbitrary PHP code via the include_file parameter.
Oscommerce Oscommerce 2.1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »