6714 matches found
Cross site scripting
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "zonename" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
Cross site scripting
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCHHIGHLIGHTENABLETITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43725
CVE-2023-43725 affects OsCommerce (noted as OsCommerce 4.12.56860 in CVE records). It is a Cross‑Site Scripting (XSS) flaw that allows an attacker to inject JavaScript through the parameter orders_products_status_name_long[1], potentially resulting in unauthorized script execution in a user’s bro...
CVE-2023-43714
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "SKIPCARTPAGETITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43713
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability, which allows attackers to inject JS via the "title" parameter, in the "/admin/admin-menu/add-submit" endpoint, which can lead to unauthorized execution of scripts in a user's web browser...
CVE-2023-43712
Os Commerce (affected: web app) has a Cross-Site Scripting (XSS) vulnerability via the access_levels_name parameter. Root cause: improper sanitization of input leading to injected JavaScript in user browsers. Impact per sources: potential script execution in a user session; CVSSv3.1 base score 5....
CVE-2023-43711
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "adminfirstname" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43705
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "translationvalue1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43706
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "emailtemplateskey" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43704
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43703
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "productinfoname" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
CVE-2023-43884
A Cross-site scripting XSS vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter...