VYPR

Packagist (Composer) package

oxid-esales/oxideshop-ce

pkg:composer/oxid-esales/oxideshop-ce

Vulnerabilities (2)

  • CVE-2024-56526May 13, 2025
    affected <= 7.0.5

    An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error.

  • CVE-2015-6926HigJan 19, 2018
    affected < 4.5.0fixed 4.5.0

    The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token.