Packagist (Composer) package
oxid-esales/oxideshop-ce
pkg:composer/oxid-esales/oxideshop-ce
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-56526 | — | <= 7.0.5 | — | May 13, 2025 | An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error. | ||
| CVE-2015-6926 | Hig | 7.5 | < 4.5.0 | 4.5.0 | Jan 19, 2018 | The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token. |
- CVE-2024-56526May 13, 2025affected <= 7.0.5
An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error.
- affected < 4.5.0fixed 4.5.0
The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token.