Vulnerabilities > Oscommerce

DATE CVE VULNERABILITY TITLE RISK
2023-09-30 CVE-2023-43708 Cross-site Scripting vulnerability in Oscommerce 4.12.56860
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
network
low complexity
oscommerce CWE-79
5.4
2023-09-30 CVE-2023-43709 Cross-site Scripting vulnerability in Oscommerce 4.12.56860
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
network
low complexity
oscommerce CWE-79
5.4
2023-09-30 CVE-2023-43710 Cross-site Scripting vulnerability in Oscommerce 4.12.56860
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1][MODULE_SHIPPING_PERCENT_TEXT_TITLE]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
network
low complexity
oscommerce CWE-79
5.4
2023-09-30 CVE-2023-43711 Cross-site Scripting vulnerability in Oscommerce 4.12.56860
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "admin_firstname" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
network
low complexity
oscommerce CWE-79
5.4
2023-09-30 CVE-2023-43702 Cross-site Scripting vulnerability in Oscommerce 4.12.56860
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
network
low complexity
oscommerce CWE-79
5.4
2023-09-30 CVE-2023-43703 Cross-site Scripting vulnerability in Oscommerce 4.12.56860
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
network
low complexity
oscommerce CWE-79
5.4
2023-09-30 CVE-2023-43704 Cross-site Scripting vulnerability in Oscommerce 4.12.56860
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
network
low complexity
oscommerce CWE-79
5.4
2023-09-30 CVE-2023-43705 Cross-site Scripting vulnerability in Oscommerce 4.12.56860
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "translation_value[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
network
low complexity
oscommerce CWE-79
5.4
2023-09-30 CVE-2023-43706 Cross-site Scripting vulnerability in Oscommerce 4.12.56860
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "email_templates_key" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
network
low complexity
oscommerce CWE-79
5.4
2021-01-27 CVE-2020-23360 Incorrect Comparison vulnerability in Oscommerce 2.3.4.1
osCommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php.
network
low complexity
oscommerce CWE-697
7.5