Unrated severityNVD Advisory· Published Oct 15, 2013· Updated Apr 29, 2026
CVE-2013-5913
CVE-2013-5913
Description
Cross-site scripting (XSS) vulnerability in the getRecommSearch function in recommlist.php in OXID eShop before 4.6.7, Professional and Community Edition 4.7.x before 4.7.8, and Enterprise Edition 5.x before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via the searchrecomm parameter.
Affected products
31cpe:2.3:a:oxid-esales:eshop:*:*:*:*:*:*:*:*+ 30 more
- cpe:2.3:a:oxid-esales:eshop:*:*:*:*:*:*:*:*range: <=4.6.6
- cpe:2.3:a:oxid-esales:eshop:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.7.0:*:*:*:community:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.7.0:*:*:*:professional:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.7.1:*:*:*:community:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.7.1:*:*:*:professional:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.7.2:*:*:*:community:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.7.2:*:*:*:professional:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.7.3:*:*:*:community:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.7.3:*:*:*:professional:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.7.4:*:*:*:community:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.7.4:*:*:*:professional:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.7.5:*:*:*:community:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.7.5:*:*:*:professional:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.7.6:*:*:*:community:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.7.6:*:*:*:professional:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.7.7:*:*:*:community:*:*:*
- cpe:2.3:a:oxid-esales:eshop:4.7.7:*:*:*:professional:*:*:*
- cpe:2.3:a:oxid-esales:eshop:5.0.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oxid-esales:eshop:5.0.1:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oxid-esales:eshop:5.0.2:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oxid-esales:eshop:5.0.3:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oxid-esales:eshop:5.0.4:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oxid-esales:eshop:5.0.5:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oxid-esales:eshop:5.0.6:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oxid-esales:eshop:5.0.7:*:*:*:enterprise:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- secunia.com/advisories/55193nvdVendor Advisory
- wiki.oxidforge.org/Security_bulletins/2013-001nvdVendor Advisory
- www.securityfocus.com/bid/62901nvdThird Party AdvisoryVDB Entry
- osvdb.org/98235nvdBroken Link
- exchange.xforce.ibmcloud.com/vulnerabilities/87760nvdVDB Entry
News mentions
0No linked articles in our index yet.