Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oscommerce vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-43716
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "MAX_DISPLAY_NEW_PRODUCTS_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user...
Oscommerce Oscommerce 4.12.56860
5.4
CVSSv3
CVE-2023-43717
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user...
Oscommerce Oscommerce 4.12.56860
NA
CVE-2008-4170
create_account.php in osCommerce 2.2 RC 2a allows remote malicious users to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message.
Oscommerce Oscommerce 2.2
5.4
CVSSv3
CVE-2023-43729
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "xsell_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web brows...
Oscommerce Oscommerce 4.12.56860
4.8
CVSSv3
CVE-2020-29070
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
Oscommerce Oscommerce 2.3.4.1
1 Github repository
NA
CVE-2005-2330
Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote malicious users to read arbitrary files via (1) .. sequences or (2) a full pathname in the readme_file parameter.
Oscommerce Oscommerce 2.2 Ms2
1 EDB exploit
NA
CVE-2005-0458
Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote malicious users to inject arbitrary web script or HTML via the enquiry parameter.
Oscommerce Oscommerce 2.2 Ms2
5.4
CVSSv3
CVE-2023-43718
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "MSEARCH_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web ...
Oscommerce Oscommerce 4.12.56860
5.4
CVSSv3
CVE-2023-43719
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows malicious users to inject JS through the "SHIPPING_GENDER_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web...
Oscommerce Oscommerce 4.12.56860
NA
CVE-2004-2638
The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote malicious users to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.
Oscommerce Oscommerce 1.5.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »