Filtered by vendor Oscommerce Subscriptions
Total 89 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-43722 1 Oscommerce 1 Oscommerce 2024-09-23 5.4 Medium
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_groups_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
CVE-2023-43723 1 Oscommerce 1 Oscommerce 2024-09-23 5.4 Medium
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
CVE-2023-43724 1 Oscommerce 1 Oscommerce 2024-09-20 5.4 Medium
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
CVE-2023-43725 1 Oscommerce 1 Oscommerce 2024-09-20 5.4 Medium
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
CVE-2023-43726 1 Oscommerce 1 Oscommerce 2024-09-20 5.4 Medium
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_manual_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
CVE-2023-43727 1 Oscommerce 1 Oscommerce 2024-09-20 5.4 Medium
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_indication_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
CVE-2023-43728 1 Oscommerce 1 Oscommerce 2024-09-20 5.4 Medium
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_delivery_terms_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
CVE-2023-43729 1 Oscommerce 1 Oscommerce 2024-09-20 5.4 Medium
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "xsell_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
CVE-2023-43730 1 Oscommerce 1 Oscommerce 2024-09-20 5.4 Medium
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "countries_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
CVE-2023-43731 1 Oscommerce 1 Oscommerce 2024-09-20 5.4 Medium
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "zone_name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
CVE-2023-43732 1 Oscommerce 1 Oscommerce 2024-09-20 5.4 Medium
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tax_class_title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
CVE-2023-43733 1 Oscommerce 1 Oscommerce 2024-09-20 5.4 Medium
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "company_address" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
CVE-2023-43734 1 Oscommerce 1 Oscommerce 2024-09-20 5.4 Medium
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
CVE-2023-43735 1 Oscommerce 1 Oscommerce 2024-09-20 5.4 Medium
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "formats_titles[7]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
CVE-2023-5111 1 Oscommerce 1 Oscommerce 2024-09-20 5.4 Medium
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
CVE-2023-5112 1 Oscommerce 1 Oscommerce 2024-09-20 5.4 Medium
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "specials_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
CVE-2012-5798 2 Oscommerce, Paypal 2 Oscommerce, Payflow Pro Express Checkout 2024-09-17 N/A
The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2006-6534 1 Oscommerce 1 Oscommerce 2024-09-17 N/A
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID parameter to admin/languages_definitions.php, or the (4) pID parameter to admin/products.php.
CVE-2012-0312 1 Oscommerce 2 Online Merchant, Oscommerce 2024-09-16 N/A
Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1792 1 Oscommerce 1 Online Merchant 2024-09-16 N/A
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, which is not properly handled in an error message. NOTE: this might not be a vulnerability, since the ability to access oscommerce/index.php during installation may already imply administrator privileges.