Oscommerce

Oscommerce

81 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2023-43708

Exploit
  • EPSS 0.12%
  • Veröffentlicht 30.09.2023 03:15:09
  • Zuletzt bearbeitet 21.11.2024 08:24:37

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter, potentially leading to una...

5.4

CVE-2023-43706

Exploit
  • EPSS 0.12%
  • Veröffentlicht 30.09.2023 02:15:09
  • Zuletzt bearbeitet 21.11.2024 08:24:37

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "email_templates_key" parameter, potentially leading to unauthorized execution of scripts within a user's...

5.4

CVE-2023-43705

Exploit
  • EPSS 0.12%
  • Veröffentlicht 30.09.2023 02:15:09
  • Zuletzt bearbeitet 21.11.2024 08:24:36

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "translation_value[1]" parameter, potentially leading to unauthorized execution of scripts within a user'...

5.4

CVE-2023-43704

Exploit
  • EPSS 0.12%
  • Veröffentlicht 30.09.2023 02:15:09
  • Zuletzt bearbeitet 21.11.2024 08:24:36

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.

5.4

CVE-2023-43703

Exploit
  • EPSS 0.12%
  • Veröffentlicht 30.09.2023 02:15:09
  • Zuletzt bearbeitet 21.11.2024 08:24:36

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter, potentially leading to unauthorized execution of scripts within a user'...

5.4

CVE-2023-43702

Exploit
  • EPSS 0.12%
  • Veröffentlicht 30.09.2023 02:15:09
  • Zuletzt bearbeitet 21.11.2024 08:24:36

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web...

6.1

CVE-2022-35212

  • EPSS 0.54%
  • Veröffentlicht 18.08.2022 20:15:11
  • Zuletzt bearbeitet 21.11.2024 07:10:54

osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the function tep_db_error().

9.8

CVE-2020-23360

Exploit
  • EPSS 0.36%
  • Veröffentlicht 27.01.2021 16:15:13
  • Zuletzt bearbeitet 21.11.2024 05:13:46

oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php

4.8

CVE-2020-29070

Exploit
  • EPSS 0.49%
  • Veröffentlicht 25.11.2020 20:15:10
  • Zuletzt bearbeitet 21.11.2024 05:23:38

osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.

10

CVE-2020-27976

Exploit
  • EPSS 20.02%
  • Veröffentlicht 28.10.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:22:08

osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option.