Lucene search
+L

824 matches found

redhatcve
redhatcve
added 2025/05/21 6:29 p.m.6 views

CVE-2006-6534

Multiple cross-site scripting XSS vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the 1 set parameter to admin/modules.php, the 2 selectedbox parameter to definitiva/admin/customers.php, the 3 lID parameter to admin/languagesdefinitions.php, o...

4.3CVSS6AI score0.01116EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/03/05 3:34 p.m.7 views

CVE-2025-25119

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alejandro Aranda Woocommerce osCommerce Sync woo-oscommerce-sync allows Reflected XSS.This issue affects Woocommerce osCommerce Sync: from n/a through = 2.0.20...

7.1CVSS7.2AI score0.00276EPSS
Exploits0References1
nvd
nvd
added 2025/03/03 2:15 p.m.9 views

CVE-2025-25119

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alejandro Aranda Woocommerce osCommerce Sync woo-oscommerce-sync allows Reflected XSS.This issue affects Woocommerce osCommerce Sync: from n/a through = 2.0.20...

7.1CVSS0.00276EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/03/03 1:30 p.m.16 views

CVE-2025-25119 WordPress Woocommerce osCommerce Sync plugin <= 2.0.20 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Woocommerce osCommerce Sync allows Reflected XSS. This issue affects Woocommerce osCommerce Sync: from n/a through 2.0.20...

7.1CVSS7AI score0.00276EPSS
Exploits0References1
cvelist
cvelist
added 2025/03/03 1:30 p.m.19 views

CVE-2025-25119 WordPress Woocommerce osCommerce Sync plugin <= 2.0.20 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alejandro Aranda Woocommerce osCommerce Sync woo-oscommerce-sync allows Reflected XSS.This issue affects Woocommerce osCommerce Sync: from n/a through = 2.0.20...

7.1CVSS0.00276EPSS
Exploits0References1
cve
cve
added 2025/03/03 1:30 p.m.56 views

CVE-2025-25119

CVE-2025-25119 is a Cross-Site Scripting vulnerability in the WordPress plugin WooCommerce osCommerce Sync (NotFound)

7.1CVSS7.2AI score0.00276EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/03/03 12:0 a.m.5 views

WordPress plugin Woocommerce osCommerce Sync 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS8.1AI score0.00276EPSS
Exploits0References3
patchstack
patchstack
added 2025/02/02 4:8 p.m.4 views

WordPress Woocommerce osCommerce Sync plugin <= 2.0.20 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Woocommerce osCommerce Sync versions = 2.0.20...

7.1CVSS6.1AI score0.00276EPSS
Exploits0Affected Software1
nvd
nvd
added 2024/04/30 10:15 p.m.24 views

CVE-2024-4348

A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to t...

5CVSS4.3AI score0.01828EPSS
Exploits1References3
cve
cve
added 2024/04/30 10:0 p.m.88 views

CVE-2024-4348

CVE-2024-4348 describes a cross-site scripting vulnerability in osCommerce 4. The flaw affects the file /catalog/all-products via the cat parameter, enabling remote attackers to inject scripts and potentially compromise users’ sessions. Public exploits/POCs exist (e.g., packets and templates), an...

5CVSS6AI score0.01828EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2024/04/30 10:0 p.m.16 views

CVE-2024-4348 osCommerce all-products cross site scripting

A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to t...

5CVSS4.4AI score0.01828EPSS
Exploits1References3
cvelist
cvelist
added 2024/04/30 10:0 p.m.36 views

CVE-2024-4348 osCommerce all-products cross site scripting

A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to t...

5CVSS4.6AI score0.01828EPSS
Exploits1References3
cnnvd
cnnvd
added 2024/04/30 12:0 a.m.4 views

osCommerce 跨站脚本漏洞

osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. A cross-site scripting vulnerability exists in osCommerce v4. The vulnerability stems from the parameter cat in the file /catalog/all-products that causes cross-site scripting...

5CVSS6AI score0.01828EPSS
Exploits1References4
packetstorm
packetstorm
added 2024/04/30 12:0 a.m.550 views

osCommerce 4 Cross Site Scripting

Exploit Title: osCommerce 4 - Reflected XSS Exploit Author: skalvin Date: 22/04/2024 Vendor: osCommerce ltd. Vendor Homepage: https://www.oscommerce.com/ Software Link: https://demo.oscommerce.com/ Demo Link: https://demo.oscommerce.com/furniture/ Tested on: Windows 11 Pro Impact: Manipulate the...

7.4AI score0.01828EPSS
Exploits1
nvd
nvd
added 2024/03/21 4:15 a.m.9 views

CVE-2024-22724

An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature...

6.6CVSS7.4AI score0.00309EPSS
Exploits1References2
osv
osv
added 2024/03/21 4:15 a.m.4 views

CVE-2024-22724

An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature...

6.6CVSS6AI score0.00309EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2024/03/21 12:0 a.m.13 views

CVE-2024-22724

An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature...

7.9AI score0.00309EPSS
Exploits1References2
cve
cve
added 2024/03/21 12:0 a.m.62 views

CVE-2024-22724

OSCommerce v4 is affected by CVE-2024-22724. The issue allows local attackers to bypass file upload restrictions in the administrator profile photo upload feature and execute arbitrary code. Documents consistently describe a local, credentialed path to code execution via file upload, but do not p...

6.6CVSS7.6AI score0.00309EPSS
Exploits1References2Affected Software1
ptsecurity
ptsecurity
added 2024/03/21 12:0 a.m.4 views

PT-2024-19544 · Unknown · Oscommerce

Name of the Vulnerable Software and Affected Versions: osCommerce version 4 Description: An issue allows local attackers to bypass file upload restrictions and execute arbitrary code via the administrator profile photo upload feature. Recommendations: For osCommerce version 4, as a temporary...

6.6CVSS7.2AI score0.00309EPSS
Exploits1References6
cnnvd
cnnvd
added 2024/03/21 12:0 a.m.5 views

osCommerce 安全漏洞

osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. A security vulnerability exists in osCommerce version v4 that originated from a vulnerability that allows local attackers to bypass file upload restrictions and execute arbitrary code via the administrat...

6.6CVSS7.5AI score0.00309EPSS
Exploits1References3
Rows per page
Query Builder