Lucene search
+L
OscommerceOnline Merchant

9 matches found

CVE
CVE
added 2018/11/06 4:0 a.m.58 views

CVE-2018-18965

CVE-2018-18965 affects osCommerce 2.3.4.1. The catalog/images/.htaccess blacklist bans the .html extension on the product page, but other cases allow HTML to be executed, such as files with no extension or unrecognized extensions (e.g., test or test.asdf). The connected documents do not provide e...

4.9CVSS5.1AI score0.00997EPSS
CVE
CVE
added 2018/11/06 4:0 a.m.57 views

CVE-2018-18966

CVE-2018-18966 affects osCommerce 2.3.4.1. The issue is an incomplete .htaccess blacklist in catalog/images/ that bans the html extension, while Internet Explorer can render HTML elements in a .eml file. This can enable HTML content handling despite the filter. CVSS2 v2.0 base 4.0 (Medium) and CV...

4.9CVSS5.2AI score0.00997EPSS
CVE
CVE
added 2012/01/26 3:0 p.m.53 views

CVE-2012-0312

CVE-2012-0312 affects osCommerce: XSS in osCommerce 2.2MS1J before R9 and osCommerce Online Merchant before 2.3.1 allows remote attackers to inject arbitrary scripts/HTML via unspecified vectors. Documented impact is execution of script in the user’s browser; no exploitation details are provided ...

4.3CVSS5.8AI score0.01135EPSS
CVE
CVE
added 2012/05/27 7:0 p.m.51 views

CVE-2012-1792

OSCommerce Online Merchant 3.0.2 has a documented XSS vulnerability in the installer path: DBCheck.php during installation, where the name parameter to oscommerce/index.php is not properly sanitized in an error message, allowing injection of arbitrary script/HTML. The root cause is improper handl...

2.6CVSS5.8AI score0.00875EPSS
Web
CVE
CVE
added 2018/11/06 4:0 a.m.50 views

CVE-2018-18964

CVE-2018-18964 affects osCommerce 2.3.4.1. An incomplete blacklist in the catalog/images/.htaccess for the product page bans the html extension, but HTML can still be executed via other extensions (e.g., .svg). The document does not specify a fixed patch or exact exploit vector beyond this restri...

4.9CVSS5.3AI score0.00997EPSS
Web
CVE
CVE
added 2012/02/14 12:0 a.m.49 views

CVE-2012-1059

CVE-2012-1059 describes a Cross-site scripting (XSS) vulnerability in OSCommerce Online Merchant 3.0.2. The issue affects the cart component at OSCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php where user-supplied input in the value_title parameter can be echoed back to the page, allow...

4.3CVSS5.8AI score0.03534EPSS
Web
CVE
CVE
added 2012/05/27 7:0 p.m.49 views

CVE-2012-2935

CVE-2012-2935 describes a cross-site scripting (XSS) vulnerability in OSCommerce Online Merchant 3.0.2. The flaw affects the file path OSCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php, where a crafted value_title parameter can inject arbitrary web script/HTML. This is the checkout...

4.3CVSS5.8AI score0.00931EPSS
Web
CVE
CVE
added 2012/09/19 7:0 p.m.45 views

CVE-2012-2991

OSS Commerce PayPal Standard module vulnerability CVE-2012-2991: in osCommerce Online Merchant, the PayPal (MODULE_PAYMENT_PAYPAL_STANDARD) integration prior to v1.1 in the PayPal module for pre-2.3.4 supports altering the merchant email address on the client side, allowing remote attackers to se...

5CVSS6.7AI score0.0114EPSS
CVE
CVE
added 2015/01/13 3:0 p.m.43 views

CVE-2014-10033

The CVE-2014-10033 entry describes an SQL injection in the update_zone function of osCommerce Online Merchant 2.3.3.4 and earlier. The vulnerability exists in catalog/admin/geo_zones.php, where remote administrators can trigger arbitrary SQL execution via the zID parameter in a list action. The i...

6.5CVSS8.6AI score0.01798EPSS
Web