Vulnerabilities > Oscommerce
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-25 | CVE-2020-29070 | Cross-site Scripting vulnerability in Oscommerce 2.3.4.1 osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters. | 3.5 |
2020-10-28 | CVE-2020-27976 | OS Command Injection vulnerability in Oscommerce osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. | 10.0 |
2020-10-28 | CVE-2020-27975 | Cross-Site Request Forgery (CSRF) vulnerability in Oscommerce osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF. | 6.8 |
2020-09-03 | CVE-2020-12058 | Cross-site Scripting vulnerability in Oscommerce CE Phoenix 1.0.6.0 Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. | 4.3 |
2019-08-22 | CVE-2018-18573 | Code Injection vulnerability in Oscommerce 2.3.4.1 osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. | 6.5 |
2019-08-22 | CVE-2018-18572 | Unrestricted Upload of File with Dangerous Type vulnerability in Oscommerce 2.3.4.1 osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. | 6.5 |
2018-11-06 | CVE-2018-18966 | Unspecified vulnerability in Oscommerce Online Merchant 2.3.4.1 osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. | 4.0 |
2018-11-06 | CVE-2018-18965 | Unspecified vulnerability in Oscommerce Online Merchant 2.3.4.1 osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. | 4.0 |
2018-11-06 | CVE-2018-18964 | Unspecified vulnerability in Oscommerce Online Merchant 2.3.4.1 osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. | 4.0 |
2015-06-28 | CVE-2015-2965 | Path Traversal vulnerability in Oscommerce Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. | 4.0 |