Oscmax
by Oscmax
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-1665 | 0.03 | — | 0.02 | May 20, 2015 | Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the… | |||
| CVE-2012-1664 | 0.03 | — | 0.03 | May 20, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4) cPath… | |||
| CVE-2012-6691 | 0.00 | — | 0.01 | May 20, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to… | |||
| CVE-2007-4959 | 0.00 | — | 0.01 | Sep 18, 2007 | Cross-site scripting (XSS) vulnerability in catalog_products_with_images.php in osCMax 2.0.0-RC3-0-1 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… |
- CVE-2012-1665May 20, 2015risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the…
- CVE-2012-1664May 20, 2015risk 0.03cvss —epss 0.03
Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4) cPath…
- CVE-2012-6691May 20, 2015risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to…
- CVE-2007-4959Sep 18, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in catalog_products_with_images.php in osCMax 2.0.0-RC3-0-1 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…