Filtered by vendor Oscommerce
Subscriptions
Filtered by product Oscommerce
Subscriptions
Total
77 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43724 | 1 Oscommerce | 1 Oscommerce | 2024-09-20 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-43725 | 1 Oscommerce | 1 Oscommerce | 2024-09-20 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-43726 | 1 Oscommerce | 1 Oscommerce | 2024-09-20 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_manual_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-43727 | 1 Oscommerce | 1 Oscommerce | 2024-09-20 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_indication_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-43728 | 1 Oscommerce | 1 Oscommerce | 2024-09-20 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_delivery_terms_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-43729 | 1 Oscommerce | 1 Oscommerce | 2024-09-20 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "xsell_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-43730 | 1 Oscommerce | 1 Oscommerce | 2024-09-20 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "countries_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-43731 | 1 Oscommerce | 1 Oscommerce | 2024-09-20 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "zone_name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-43732 | 1 Oscommerce | 1 Oscommerce | 2024-09-20 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tax_class_title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-43733 | 1 Oscommerce | 1 Oscommerce | 2024-09-20 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "company_address" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-43734 | 1 Oscommerce | 1 Oscommerce | 2024-09-20 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-43735 | 1 Oscommerce | 1 Oscommerce | 2024-09-20 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "formats_titles[7]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-5111 | 1 Oscommerce | 1 Oscommerce | 2024-09-20 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2023-5112 | 1 Oscommerce | 1 Oscommerce | 2024-09-20 | 5.4 Medium |
| Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "specials_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | ||||
| CVE-2012-5798 | 2 Oscommerce, Paypal | 2 Oscommerce, Payflow Pro Express Checkout | 2024-09-17 | N/A |
| The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2006-6534 | 1 Oscommerce | 1 Oscommerce | 2024-09-17 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID parameter to admin/languages_definitions.php, or the (4) pID parameter to admin/products.php. | ||||
| CVE-2012-0312 | 1 Oscommerce | 2 Online Merchant, Oscommerce | 2024-09-16 | N/A |
| Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2002-2019 | 1 Oscommerce | 1 Oscommerce | 2024-09-16 | N/A |
| PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter. | ||||
| CVE-2012-0311 | 1 Oscommerce | 1 Oscommerce | 2024-09-16 | N/A |
| Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2002-1991 | 1 Oscommerce | 1 Oscommerce | 2024-08-08 | N/A |
| PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php. | ||||