Vulnerabilities > Oscommerce

DATE CVE VULNERABILITY TITLE RISK
2020-11-25 CVE-2020-29070 Cross-Site Scripting vulnerability in Oscommerce 2.3.4.1
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
network
oscommerce CWE-79
3.5
2020-10-28 CVE-2020-27976 OS Command Injection vulnerability in Oscommerce
osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely.
network
low complexity
oscommerce CWE-78
critical
10.0
2020-10-28 CVE-2020-27975 Cross-Site Request Forgery (CSRF) vulnerability in Oscommerce
osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF.
6.8
2020-09-03 CVE-2020-12058 Cross-Site Scripting vulnerability in Oscommerce CE Phoenix 1.0.6.0
Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code.
network
oscommerce CWE-79
4.3
2019-08-22 CVE-2018-18573 Code Injection vulnerability in Oscommerce 2.3.4.1
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page.
network
low complexity
oscommerce CWE-94
6.5
2019-08-22 CVE-2018-18572 Unrestricted Upload of File With Dangerous Type vulnerability in Oscommerce 2.3.4.1
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page.
network
low complexity
oscommerce CWE-434
6.5
2018-11-06 CVE-2018-18966 Unspecified vulnerability in Oscommerce Online Merchant 2.3.4.1
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page.
network
low complexity
oscommerce microsoft
4.0
2018-11-06 CVE-2018-18965 Unspecified vulnerability in Oscommerce Online Merchant 2.3.4.1
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page.
network
low complexity
oscommerce
4.0
2018-11-06 CVE-2018-18964 Unspecified vulnerability in Oscommerce Online Merchant 2.3.4.1
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page.
network
low complexity
oscommerce
4.0
2015-06-28 CVE-2015-2965 Path Traversal vulnerability in Oscommerce
Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.
network
low complexity
oscommerce CWE-22
4.0