8 matches found
CVE-2022-35212
osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the function tep_db_error...
CVE-2022-35212
osCommerce2 before v2.3.4.1 contains a cross-site scripting (XSS) vulnerability exposed through the tep_db_error() function. The issue is confirmed across multiple sources in the connected data set, tied to the tep_db_error() handling in older osCommerce2 releases. The primary affected component ...
CVE-2022-35212
osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the function tep_db_error...
CVE-2020-23360
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php...
CVE-2020-23360
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php...
Design/Logic Flaw
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php...
CVE-2020-23360
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php...
CVE-2020-23360
osCommerce v2.3.4.1 contains a functional flaw in the user registration and password rechecking flow where a non-identical password can bypass validation in /catalog/admin/administrators.php and /catalog/password_reset.php. The connected records do not provide additional technical specifics (e.g....