CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43707 – Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
https://notcve.org/view.php?id=CVE-2023-43707
30 Sep 2023 — Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "CatalogsPageDescriptionForm[1][name] " parameter, potentially leading to unauthorized execution of scripts within a user's web browser. Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a través del parámetro "CatalogsPageDescriptionForm[1][nombre] ", lo que podría pro... • https://fluidattacks.com/advisories/bts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43706 – Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
https://notcve.org/view.php?id=CVE-2023-43706
30 Sep 2023 — Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "email_templates_key" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a través del parámetro "email_templates_key", lo que podría provocar la ejecución no autorizada de sc... • https://fluidattacks.com/advisories/bts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43705 – Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
https://notcve.org/view.php?id=CVE-2023-43705
30 Sep 2023 — Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "translation_value[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a través del parámetro "translation_value[1]", lo que podría provocar la ejecución no autorizada de ... • https://fluidattacks.com/advisories/bts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43704 – Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
https://notcve.org/view.php?id=CVE-2023-43704
30 Sep 2023 — Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a través del parámetro "title", lo que podría provocar la ejecución no autorizada de scripts en el navegador web de... • https://fluidattacks.com/advisories/bts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43703 – Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
https://notcve.org/view.php?id=CVE-2023-43703
30 Sep 2023 — Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a través del parámetro "product_info[][name]", lo que podría provocar la ejecución no autorizada de ... • https://fluidattacks.com/advisories/bts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43702 – Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
https://notcve.org/view.php?id=CVE-2023-43702
30 Sep 2023 — Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a través del parámetro "tracking_number", lo que podría provocar la ejecución no autorizada de scripts en... • https://fluidattacks.com/advisories/bts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35212
https://notcve.org/view.php?id=CVE-2022-35212
18 Aug 2022 — osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the function tep_db_error(). Se ha detectado que osCommerce2 versiones anteriores a v2.3.4.1, contenía una vulnerabilidad de tipo cross-site scripting (XSS) por medio de la función tep_db_error(). • https://forums.oscommerce.com/topic/497119-potencial-xss-vulnerability/?tab=comments#comment-1823082 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23360
https://notcve.org/view.php?id=CVE-2020-23360
27 Jan 2021 — oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php oscommerce versión v2.3.4.1, presenta un problema funcional en el registro de usuario y la comprobación de contraseña, donde una contraseña no idéntica puede omitir las comprobaciones en los archivos /catalog/admin/administrators.php y /catalog/password_reset.php • https://github.com/osCommerce/oscommerce2/issues/658 • CWE-697: Incorrect Comparison •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2020-29070
https://notcve.org/view.php?id=CVE-2020-29070
25 Nov 2020 — osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters. osCommerce versión 2.3.4.1, presenta una vulnerabilidad de tipo XSS por medio de un usuario autenticado que ingresa una carga útil XSS en la sección de título de los boletines • https://github.com/aslanemre/cve-2020-29070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27975
https://notcve.org/view.php?id=CVE-2020-27975
28 Oct 2020 — osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF. osCommerce Phoenix CE versiones anteriores a 1.0.5.4, permite un ataque de tipo CSRF en el archivo admin/define_language.php • https://herolab.usd.de/security-advisories/usd-2020-0027 • CWE-352: Cross-Site Request Forgery (CSRF) •