Online Merchant@2.3.0 Security Vulnerabilities and Issues — Online Merchant@2.3.0 CVE List

Lucene search

OscommerceOnline Merchant2.3.0

3 matches found

CVE•added 2012/05/27 7:55 p.m.•41 views

CVE-2012-1792

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, whi...

2.6CVSS5.8AI score0.00225EPSS

CVE•added 2012/05/27 7:55 p.m.•34 views

CVE-2012-2935

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-2012-1059.

4.3CVSS5.8AI score0.07855EPSS

CVE•added 2012/09/19 7:55 p.m.•32 views

CVE-2012-2991

The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self.

5CVSS6.7AI score0.00328EPSS