Online Merchant@2.3.4.1 Security Vulnerabilities and Issues — Online Merchant@2.3.4.1 CVE List

Lucene search

OscommerceOnline Merchant2.3.4.1

3 matches found

CVE•added 2018/11/06 4:29 a.m.•47 views

CVE-2018-18965

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., ...

4.9CVSS5.1AI score0.0022EPSS

CVE•added 2018/11/06 4:29 a.m.•43 views

CVE-2018-18966

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer render HTML elements in a .eml file.

4.9CVSS5.2AI score0.0022EPSS

CVE•added 2018/11/06 4:29 a.m.•39 views

CVE-2018-18964

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in which contained HTML can be executed, such as the svg extension.

4.9CVSS5.3AI score0.0022EPSS