HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-02-16
Updated
2024-02-16
An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "formats_titles[7]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "company_address" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tax_class_title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "zone_name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "countries_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "xsell_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_delivery_terms_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_indication_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_manual_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-11-08
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-11-08
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_groups_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "PACKING_SLIPS_SUMMARY_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "BILLING_GENDER_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "SHIPPING_GENDER_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-11-08
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MAX_DISPLAY_NEW_PRODUCTS_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "ENTRY_FIRST_NAME_MIN_LENGTH_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "SKIP_CART_PAGE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-30
Updated
2023-10-19
91 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!