NotCVE - vendor:"Oscommerce"

Page 5 of 94 results (0.004 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-43705 – Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)

https://notcve.org/view.php?id=CVE-2023-43705

30 Sep 2023 — Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "translation_value[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a través del parámetro "translation_value[1]", lo que podría provocar la ejecución no autorizada de ... • https://fluidattacks.com/advisories/bts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-43704 – Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)

https://notcve.org/view.php?id=CVE-2023-43704

30 Sep 2023 — Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a través del parámetro "title", lo que podría provocar la ejecución no autorizada de scripts en el navegador web de... • https://fluidattacks.com/advisories/bts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-43703 – Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)

https://notcve.org/view.php?id=CVE-2023-43703

30 Sep 2023 — Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a través del parámetro "product_info[][name]", lo que podría provocar la ejecución no autorizada de ... • https://fluidattacks.com/advisories/bts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-43702 – Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)

https://notcve.org/view.php?id=CVE-2023-43702

30 Sep 2023 — Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a través del parámetro "tracking_number", lo que podría provocar la ejecución no autorizada de scripts en... • https://fluidattacks.com/advisories/bts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-35212

https://notcve.org/view.php?id=CVE-2022-35212

18 Aug 2022 — osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the function tep_db_error(). Se ha detectado que osCommerce2 versiones anteriores a v2.3.4.1, contenía una vulnerabilidad de tipo cross-site scripting (XSS) por medio de la función tep_db_error(). • https://forums.oscommerce.com/topic/497119-potencial-xss-vulnerability/?tab=comments#comment-1823082 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-23360

https://notcve.org/view.php?id=CVE-2020-23360

27 Jan 2021 — oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php oscommerce versión v2.3.4.1, presenta un problema funcional en el registro de usuario y la comprobación de contraseña, donde una contraseña no idéntica puede omitir las comprobaciones en los archivos /catalog/admin/administrators.php y /catalog/password_reset.php • https://github.com/osCommerce/oscommerce2/issues/658 • CWE-697: Incorrect Comparison •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2020-29070

https://notcve.org/view.php?id=CVE-2020-29070

25 Nov 2020 — osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters. osCommerce versión 2.3.4.1, presenta una vulnerabilidad de tipo XSS por medio de un usuario autenticado que ingresa una carga útil XSS en la sección de título de los boletines • https://github.com/aslanemre/cve-2020-29070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-27975

https://notcve.org/view.php?id=CVE-2020-27975

28 Oct 2020 — osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF. osCommerce Phoenix CE versiones anteriores a 1.0.5.4, permite un ataque de tipo CSRF en el archivo admin/define_language.php • https://herolab.usd.de/security-advisories/usd-2020-0027 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0EPSS: 20%CPEs: 1EXPL: 2

CVE-2020-27976

https://notcve.org/view.php?id=CVE-2020-27976

28 Oct 2020 — osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option. osCommerce Phoenix CE versiones anteriores a 1.0.5.4, permite una inyección de comandos de Sistema Operativo remotamente. Dentro del archivo admin/mail.php, puede ser pasado de un parámetro POST hacia la aplicación. Esto afecta la función PHP mail y la opción sendmail -f • https://github.com/k0rnh0li0/CVE-2020-27976 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-12058

https://notcve.org/view.php?id=CVE-2020-12058

03 Sep 2020 — Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php, catalog/admin/languages.php, catalog/admin/countries.php, catalog/admin/tax_classes.php, catalog/admin/reviews.php, or catalog/admin/zones.php; or the zpage or spage parameter to catalog/admin/geo_zones.php. Múltiples vulnerabilidades de tipo XSS ... • https://github.com/gburton/CE-Phoenix/commit/8d0fb97810bc28880415a3a31607f473bfc5fec8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...3 4 5 6 7