Filtered by vendor Oscommerce
Subscriptions
Total
89 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-29070 | 1 Oscommerce | 1 Oscommerce | 2024-08-04 | 4.8 Medium |
| osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters. | ||||
| CVE-2020-27975 | 1 Oscommerce | 1 Oscommerce | 2024-08-04 | 8.8 High |
| osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF. | ||||
| CVE-2020-27976 | 1 Oscommerce | 1 Oscommerce | 2024-08-04 | 9.8 Critical |
| osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option. | ||||
| CVE-2020-23360 | 1 Oscommerce | 1 Oscommerce | 2024-08-04 | 9.8 Critical |
| oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php | ||||
| CVE-2020-12058 | 1 Oscommerce | 1 Ce Phoenix | 2024-08-04 | 6.1 Medium |
| Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php, catalog/admin/languages.php, catalog/admin/countries.php, catalog/admin/tax_classes.php, catalog/admin/reviews.php, or catalog/admin/zones.php; or the zpage or spage parameter to catalog/admin/geo_zones.php. | ||||
| CVE-2022-35212 | 1 Oscommerce | 1 Oscommerce | 2024-08-03 | 6.1 Medium |
| osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the function tep_db_error(). | ||||
| CVE-2023-6609 | 1 Oscommerce | 1 Oscommerce | 2024-08-02 | 3.5 Low |
| A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the argument keywords with the input %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6579 | 1 Oscommerce | 1 Oscommerce | 2024-08-02 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-247160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6296 | 1 Oscommerce | 1 Oscommerce | 2024-08-02 | 4.3 Medium |
| A vulnerability was found in osCommerce 4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /catalog/compare of the component Instant Message Handler. The manipulation of the argument compare with the input 40dz4iq"><script>alert(1)</script>zohkx leads to cross site scripting. The attack may be launched remotely. VDB-246122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||