Vulnerabilities > Oscommerce

DATE CVE VULNERABILITY TITLE RISK
2023-12-08 CVE-2023-6609 Cross-site Scripting vulnerability in Oscommerce 4.0
A vulnerability was found in osCommerce 4.
network
low complexity
oscommerce CWE-79
6.1
2023-12-07 CVE-2023-6579 SQL Injection vulnerability in Oscommerce 4.0
A vulnerability, which was classified as critical, has been found in osCommerce 4.
network
low complexity
oscommerce CWE-89
critical
9.8
2023-11-26 CVE-2023-6296 Cross-site Scripting vulnerability in Oscommerce 4.0
A vulnerability was found in osCommerce 4.
network
low complexity
oscommerce CWE-79
6.1
2023-09-30 CVE-2023-43732 Cross-site Scripting vulnerability in Oscommerce 4.12.56860
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tax_class_title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
network
low complexity
oscommerce CWE-79
5.4
2023-09-30 CVE-2023-43733 Cross-site Scripting vulnerability in Oscommerce 4.12.56860
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "company_address" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
network
low complexity
oscommerce CWE-79
5.4
2023-09-30 CVE-2023-43734 Cross-site Scripting vulnerability in Oscommerce 4.12.56860
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
network
low complexity
oscommerce CWE-79
5.4
2023-09-30 CVE-2023-43735 Cross-site Scripting vulnerability in Oscommerce 4.12.56860
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "formats_titles[7]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
network
low complexity
oscommerce CWE-79
5.4
2023-09-30 CVE-2023-5111 Cross-site Scripting vulnerability in Oscommerce 4.12.56860
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
network
low complexity
oscommerce CWE-79
5.4
2023-09-30 CVE-2023-5112 Cross-site Scripting vulnerability in Oscommerce 4.12.56860
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "specials_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
network
low complexity
oscommerce CWE-79
5.4
2023-09-30 CVE-2023-43717 Cross-site Scripting vulnerability in Oscommerce 4.12.56860
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
network
low complexity
oscommerce CWE-79
5.4