VYPR

Oscommerce

by OsCommerce

Source repositories

CVEs (65)

  • CVE-2006-4298Aug 23, 2006
    risk 0.00cvss epss 0.02

    Multiple directory traversal vulnerabilities in cache.php in osCommerce before 2.2 Milestone 2 060817 allow remote attackers to determine existence of arbitrary files and disclose the installation path via a .. (dot dot) in unspecified parameters in the (1)…

  • CVE-2005-1951Jun 16, 2005
    risk 0.00cvss epss 0.02

    Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter…

  • CVE-2005-0458May 2, 2005
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote attackers to inject arbitrary web script or HTML via the enquiry parameter.

  • CVE-2004-2638Dec 31, 2004
    risk 0.00cvss epss 0.02

    The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.

  • CVE-2003-1219Dec 31, 2003
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter.

Page 4 of 4