VYPR

Oscommerce

by OsCommerce

Source repositories

CVEs (65)

  • CVE-2023-43729Sep 30, 2023
    risk 0.00cvss epss 0.00

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "xsell_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

  • CVE-2023-43725Sep 30, 2023
    risk 0.00cvss epss 0.00

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

  • CVE-2023-43724Sep 30, 2023
    risk 0.00cvss epss 0.00

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name]" parameter, potentially leading to unauthorized execution of…

  • CVE-2023-43723Sep 30, 2023
    risk 0.00cvss epss 0.00

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

  • CVE-2023-43719Sep 30, 2023
    risk 0.00cvss epss 0.00

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "SHIPPING_GENDER_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

  • CVE-2023-43717Sep 30, 2023
    risk 0.00cvss epss 0.00

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

  • CVE-2023-43716Sep 30, 2023
    risk 0.00cvss epss 0.00

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MAX_DISPLAY_NEW_PRODUCTS_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

  • CVE-2023-43715Sep 30, 2023
    risk 0.00cvss epss 0.00

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "ENTRY_FIRST_NAME_MIN_LENGTH_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

  • CVE-2023-43714Sep 30, 2023
    risk 0.00cvss epss 0.00

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "SKIP_CART_PAGE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

  • CVE-2023-43712Sep 30, 2023
    risk 0.00cvss epss 0.00

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "access_levels_name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

  • CVE-2023-43711Sep 30, 2023
    risk 0.00cvss epss 0.00

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "admin_firstname" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

  • CVE-2023-43704Sep 30, 2023
    risk 0.00cvss epss 0.00

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

  • CVE-2023-43703Sep 30, 2023
    risk 0.00cvss epss 0.00

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

  • CVE-2023-43702Sep 30, 2023
    risk 0.00cvss epss 0.00

    Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

  • CVE-2022-35212Aug 18, 2022
    risk 0.00cvss epss 0.00

    osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the function tep_db_error().

  • CVE-2020-23360Jan 27, 2021
    risk 0.00cvss epss 0.01

    oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php

  • CVE-2020-29070Nov 25, 2020
    risk 0.00cvss epss 0.01

    osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.

  • CVE-2018-18573Aug 22, 2019
    risk 0.00cvss epss 0.03

    osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a…

  • CVE-2018-18572Aug 22, 2019
    risk 0.00cvss epss 0.03

    osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht'…

  • CVE-2018-18964Nov 6, 2018
    risk 0.00cvss epss 0.01

    osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in which contained HTML can be executed, such as the svg extension.