Vulnerabilities > Oscommerce > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-08 | CVE-2023-6609 | Cross-site Scripting vulnerability in Oscommerce 4.0 A vulnerability was found in osCommerce 4. | 6.1 |
| 2023-11-26 | CVE-2023-6296 | Cross-site Scripting vulnerability in Oscommerce 4.0 A vulnerability was found in osCommerce 4. | 6.1 |
| 2023-09-30 | CVE-2023-43732 | Cross-site Scripting vulnerability in Oscommerce 4.12.56860 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tax_class_title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 |
| 2023-09-30 | CVE-2023-43733 | Cross-site Scripting vulnerability in Oscommerce 4.12.56860 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "company_address" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 |
| 2023-09-30 | CVE-2023-43734 | Cross-site Scripting vulnerability in Oscommerce 4.12.56860 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 |
| 2023-09-30 | CVE-2023-43735 | Cross-site Scripting vulnerability in Oscommerce 4.12.56860 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "formats_titles[7]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 |
| 2023-09-30 | CVE-2023-5111 | Cross-site Scripting vulnerability in Oscommerce 4.12.56860 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 |
| 2023-09-30 | CVE-2023-5112 | Cross-site Scripting vulnerability in Oscommerce 4.12.56860 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "specials_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 |
| 2023-09-30 | CVE-2023-43717 | Cross-site Scripting vulnerability in Oscommerce 4.12.56860 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 |
| 2023-09-30 | CVE-2023-43718 | Cross-site Scripting vulnerability in Oscommerce 4.12.56860 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 |