
CVSS: 2.6 • EPSS: 0% • CPEs: 5 • EXPL: 1

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, which is not properly handled in an error message. NOTE: this might not be a vulnerability, since the ability to access oscommerce/index.php during installation may already imply administrator privileges.

• https://www.trustwave.com/spiderlabs/advisories/TWSL2012-005.txt
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-2012-1059.

• https://exchange.xforce.ibmcloud.com/vulnerabilities/75900
• https://github.com/osCommerce/oscommerce/commit/a5aeb0448cc333cc4b801c0e01981b218fd9c7df
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 3

Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front" field in the shirt module.

• https://www.exploit-db.com/exploits/18455
• http://packetstormsecurity.org/files/109389/VL-407.txt
• http://www.exploit-db.com/exploits/18455
• http://www.securityfocus.com/bid/51831
• http://www.vulnerability-lab.com/get_content.php?id=407
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72916
• https://github.com/osCommerce/oscommerce/commit/a5aeb0448cc333cc4b801c0e01981b218fd9c7df
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 10 • EXPL: 0

Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

• http://jvn.jp/en/jp/JVN64386898/index.html
• http://jvndb.jvn.jp/jvndb/JVNDB-2012-000005
• http://sourceforge.jp/forum/forum.php?forum_id=28119
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 4

SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.

• https://www.exploit-db.com/exploits/31640
• https://www.exploit-db.com/exploits/5436
• http://packetstormsecurity.org/0804-exploits/pollbooth20-sql.txt
• http://www.securityfocus.com/bid/28752
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41796
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')