250 matches found
Cross site scripting
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "BILLINGGENDERTITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
Cross site scripting
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "stockdeliverytermstext1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
Cross site scripting
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "zonename" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
Cross site scripting
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "countriesname1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
Cross site scripting
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCHENABLETITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
Cross site scripting
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "ordersstatusname1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-5112 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "specialstypename1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-5112 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "specialstypename1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-5112
CVE-2023-5112 affects OsCommerce; the vulnerability is a reflected Cross-Site Scripting (XSS) issue where an attacker can inject JavaScript via the specials_type_name[1] parameter. Affected software is OsCommerce, with the issue described across multiple sources as enabling unauthorized script ex...
CVE-2023-5111 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "featuredtypename1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-5111
CVE-2023-5111 affects OsCommerce: a Cross-Site Scripting (XSS) vulnerability allows attackers to inject JavaScript through the parameter featured_type_name[1] , potentially leading to unauthorized script execution in a user’s browser. The CVSS metrics indicate a Medium severity (5.4), with networ...
CVE-2023-5111 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "featuredtypename1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43735 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "formatstitles7" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43735 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "formatstitles7" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43735
CVE-2023-43735 affects OsCommerce (noted in CVEList as Os Commerce 4.12.56860) with a reflected XSS vulnerability. The flaw enables injection of JavaScript via the formats_titles[7] parameter, potentially leading to arbitrary script execution in a user’s browser. Other connected sources corrobora...
CVE-2023-43734 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43734
CVE-2023-43734 affects OsCommerce and is described in multiple sources as a Cross-Site Scripting (XSS) vulnerability. The concrete detail present across connected documents is that an attacker can inject JavaScript through the user-supplied parameter named name , potentially leading to unauthoriz...
CVE-2023-43734 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43733
CVE-2023-43733 concerns Os Commerce. The connected docs confirm a Cross‑Site Scripting (XSS) vulnerability where an attacker can inject JavaScript via the matter of the parameter named “company_address” in the web application, potentially leading to script execution in a user’s browser. The CVSS ...
CVE-2023-43733 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "companyaddress" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...