Oscommerce: Security Vulnerabilities, CVEs
HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code by injecting a crafted payload into the file english.php.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-02-16
Updated
2024-02-16
An issue was discovered in osCommerce v4 that allows local attackers to bypass file upload restrictions and execute arbitrary code via the administrator profile photo upload feature.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "formats_titles[7]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "name" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "company_address" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "tax_class_title" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "zone_name" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "countries_name[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "xsell_type_name[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "stock_delivery_terms_text[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "stock_indication_text[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "orders_products_status_manual_name_long[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-11-08
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "orders_products_status_name_long[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-11-08
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "orders_status_name[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "orders_status_groups_name[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "PACKING_SLIPS_SUMMARY_TITLE[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "BILLING_GENDER_TITLE[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "SHIPPING_GENDER_TITLE[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "MSEARCH_ENABLE_TITLE[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-11-08
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "MAX_DISPLAY_NEW_PRODUCTS_TITLE[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "ENTRY_FIRST_NAME_MIN_LENGTH_TITLE[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
This vulnerability allows attackers to inject JS through the "SKIP_CART_PAGE_TITLE[1]" parameter,
potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19