Skip to main content

Online Merchant

9 CVEs product

Monthly

CVE-2018-18966 MEDIUM This Month

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Online Merchant
NVD GitHub
CVSS 3.0
4.9
EPSS
1.0%
CVE-2018-18965 MEDIUM This Month

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Online Merchant
NVD GitHub
CVSS 3.0
4.9
EPSS
1.0%
CVE-2018-18964 MEDIUM This Month

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Online Merchant
NVD GitHub
CVSS 3.0
4.9
EPSS
1.0%
CVE-2014-10033 MEDIUM POC This Month

SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Merchant
NVD Exploit-DB GitHub
CVSS 2.0
6.5
EPSS
0.9%
CVE-2012-2991 MEDIUM This Month

The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Online Merchant Website Payments Standard Module
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-2935 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Online Merchant
NVD GitHub
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-1792 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Online Merchant
NVD
CVSS 2.0
2.6
EPSS
0.2%
CVE-2012-1059 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Online Merchant
NVD Exploit-DB GitHub
CVSS 2.0
4.3
EPSS
7.0%
CVE-2012-0312 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Online Merchant Oscommerce
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 1% CVSS 4.9
MEDIUM This Month

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Online Merchant
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM This Month

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Online Merchant
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM This Month

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Online Merchant
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Merchant
NVD Exploit-DB GitHub
EPSS 1% CVSS 5.0
MEDIUM This Month

The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Online Merchant Website Payments Standard Module
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Online Merchant
NVD GitHub
EPSS 0% CVSS 2.6
LOW POC Monitor

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Online Merchant
NVD
EPSS 7% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Online Merchant
NVD Exploit-DB GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Online Merchant Oscommerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy