CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25119 – WordPress Woocommerce osCommerce Sync plugin <= 2.0.20 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-25119
02 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Woocommerce osCommerce Sync allows Reflected XSS. This issue affects Woocommerce osCommerce Sync: from n/a through 2.0.20. The Woocommerce osCommerce Sync plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.20 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we... • https://patchstack.com/database/wordpress/plugin/woo-oscommerce-sync/vulnerability/wordpress-easy-wp-tiles-plugin-1-cross-site-scripting-xss-vulnerability-4?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 14%CPEs: 1EXPL: 1CVE-2024-4348 – osCommerce all-products cross site scripting
https://notcve.org/view.php?id=CVE-2024-4348
30 Apr 2024 — A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://packetstorm.news/files/id/178375 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22724
https://notcve.org/view.php?id=CVE-2024-22724
21 Mar 2024 — An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature. Se descubrió un problema en osCommerce v4 que permite a atacantes locales eludir las restricciones de carga de archivos y ejecutar código arbitrario a través de la función de carga de fotos de perfil del administrador. • https://github.com/osCommerce/osCommerce-V4/issues/62 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2024-26521
https://notcve.org/view.php?id=CVE-2024-26521
12 Mar 2024 — HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component. Vulnerabilidad de inyección HTML en CE Phoenix v1.0.8.20 y anteriores permite a un atacante remoto ejecutar código arbitrario, escalar privilegios y obtener información confidencial a través de un payload manipulado para el componente english.php. • https://github.com/hackervegas001/CVE-2024-26521 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 3%CPEs: 2EXPL: 0CVE-2024-25415
https://notcve.org/view.php?id=CVE-2024-25415
16 Feb 2024 — A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php. Una vulnerabilidad de ejecución remota de código (RCE) en /admin/define_language.php de CE Phoenix v1.0.8.20 permite a atacantes ejecutar código PHP de su elección inyectando un payload manipulado en el archivo english.php. • https://github.com/capture0x/Phoenix • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6609 – osCommerce all-products cross site scripting
https://notcve.org/view.php?id=CVE-2023-6609
08 Dec 2023 — A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the argument keywords with the input %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E leads to cross site scripting. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.247245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-6579 – osCommerce POST Parameter shopping-cart sql injection
https://notcve.org/view.php?id=CVE-2023-6579
07 Dec 2023 — A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-247160. • https://packetstorm.news/files/id/176124 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6296 – osCommerce Instant Message compare cross site scripting
https://notcve.org/view.php?id=CVE-2023-6296
26 Nov 2023 — A vulnerability was found in osCommerce 4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /catalog/compare of the component Instant Message Handler. The manipulation of the argument compare with the input 40dz4iq"><script>alert(1)</script>zohkx leads to cross site scripting. The attack may be launched remotely. • https://packetstorm.news/files/id/175925 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5112 – Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
https://notcve.org/view.php?id=CVE-2023-5112
30 Sep 2023 — Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "specials_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a través del parámetro "specials_type_name[1]", lo que podría provocar la ejecución no autorizada d... • https://fluidattacks.com/advisories/bts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5111 – Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
https://notcve.org/view.php?id=CVE-2023-5111
30 Sep 2023 — Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a través del parámetro "featured_type_name[1]", lo que podría provocar la ejecución no autorizada d... • https://fluidattacks.com/advisories/bts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •