Vulnerabilities > Oscommerce

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-01-27 | CVE-2020-23360 | Incorrect Comparison vulnerability in Oscommerce 2.3.4.1 | oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php | network, low complexity, oscommerce CWE-697, critical 9.8 |
| 2020-11-25 | CVE-2020-29070 | Cross-site Scripting vulnerability in Oscommerce 2.3.4.1 | osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters. | network, low complexity, oscommerce CWE-79, 4.8 |
| 2020-10-28 | CVE-2020-27976 | OS Command Injection vulnerability in Oscommerce | osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. | network, low complexity, oscommerce CWE-78, critical 9.8 |
| 2020-10-28 | CVE-2020-27975 | Cross-Site Request Forgery (CSRF) vulnerability in Oscommerce | osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF. | network, low complexity, oscommerce CWE-352, 8.8 |
| 2020-09-03 | CVE-2020-12058 | Cross-site Scripting vulnerability in Oscommerce CE Phoenix 1.0.6.0 | Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. | network, low complexity, oscommerce CWE-79, 6.1 |
| 2019-08-22 | CVE-2018-18573 | Code Injection vulnerability in Oscommerce 2.3.4.1 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. | network, low complexity, oscommerce CWE-94, 7.2 |
| 2019-08-22 | CVE-2018-18572 | Unrestricted Upload of File with Dangerous Type vulnerability in Oscommerce 2.3.4.1 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. | network, low complexity, oscommerce CWE-434, 7.2 |
| 2018-11-06 | CVE-2018-18966 | Unspecified vulnerability in Oscommerce Online Merchant 2.3.4.1 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. | network, low complexity, oscommerce, 4.9 |
| 2018-11-06 | CVE-2018-18965 | Unspecified vulnerability in Oscommerce Online Merchant 2.3.4.1 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. | network, low complexity, oscommerce, 4.9 |
| 2018-11-06 | CVE-2018-18964 | Unspecified vulnerability in Oscommerce Online Merchant 2.3.4.1 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. | network, low complexity, oscommerce, 4.9 |