824 matches found
CVE-2006-6534
Multiple cross-site scripting XSS vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the 1 set parameter to admin/modules.php, the 2 selectedbox parameter to definitiva/admin/customers.php, the 3 lID parameter to admin/languagesdefinitions.php, o...
CVE-2025-25119
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alejandro Aranda Woocommerce osCommerce Sync woo-oscommerce-sync allows Reflected XSS.This issue affects Woocommerce osCommerce Sync: from n/a through = 2.0.20...
CVE-2025-25119
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alejandro Aranda Woocommerce osCommerce Sync woo-oscommerce-sync allows Reflected XSS.This issue affects Woocommerce osCommerce Sync: from n/a through = 2.0.20...
CVE-2025-25119 WordPress Woocommerce osCommerce Sync plugin <= 2.0.20 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Woocommerce osCommerce Sync allows Reflected XSS. This issue affects Woocommerce osCommerce Sync: from n/a through 2.0.20...
CVE-2025-25119 WordPress Woocommerce osCommerce Sync plugin <= 2.0.20 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alejandro Aranda Woocommerce osCommerce Sync woo-oscommerce-sync allows Reflected XSS.This issue affects Woocommerce osCommerce Sync: from n/a through = 2.0.20...
CVE-2025-25119
CVE-2025-25119 is a Cross-Site Scripting vulnerability in the WordPress plugin WooCommerce osCommerce Sync (NotFound)
WordPress plugin Woocommerce osCommerce Sync 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Woocommerce osCommerce Sync plugin <= 2.0.20 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Woocommerce osCommerce Sync versions = 2.0.20...
CVE-2024-4348
A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to t...
CVE-2024-4348
CVE-2024-4348 describes a cross-site scripting vulnerability in osCommerce 4. The flaw affects the file /catalog/all-products via the cat parameter, enabling remote attackers to inject scripts and potentially compromise users’ sessions. Public exploits/POCs exist (e.g., packets and templates), an...
CVE-2024-4348 osCommerce all-products cross site scripting
A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to t...
CVE-2024-4348 osCommerce all-products cross site scripting
A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to t...
osCommerce 跨站脚本漏洞
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. A cross-site scripting vulnerability exists in osCommerce v4. The vulnerability stems from the parameter cat in the file /catalog/all-products that causes cross-site scripting...
osCommerce 4 Cross Site Scripting
Exploit Title: osCommerce 4 - Reflected XSS Exploit Author: skalvin Date: 22/04/2024 Vendor: osCommerce ltd. Vendor Homepage: https://www.oscommerce.com/ Software Link: https://demo.oscommerce.com/ Demo Link: https://demo.oscommerce.com/furniture/ Tested on: Windows 11 Pro Impact: Manipulate the...
CVE-2024-22724
An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature...
CVE-2024-22724
An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature...
CVE-2024-22724
An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature...
CVE-2024-22724
OSCommerce v4 is affected by CVE-2024-22724. The issue allows local attackers to bypass file upload restrictions in the administrator profile photo upload feature and execute arbitrary code. Documents consistently describe a local, credentialed path to code execution via file upload, but do not p...
PT-2024-19544 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: osCommerce version 4 Description: An issue allows local attackers to bypass file upload restrictions and execute arbitrary code via the administrator profile photo upload feature. Recommendations: For osCommerce version 4, as a temporary...
osCommerce 安全漏洞
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. A security vulnerability exists in osCommerce version v4 that originated from a vulnerability that allows local attackers to bypass file upload restrictions and execute arbitrary code via the administrat...