CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6609 – osCommerce all-products cross site scripting
https://notcve.org/view.php?id=CVE-2023-6609
08 Dec 2023 — A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the argument keywords with the input %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E leads to cross site scripting. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.247245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-6579 – osCommerce POST Parameter shopping-cart sql injection
https://notcve.org/view.php?id=CVE-2023-6579
07 Dec 2023 — A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-247160. • https://packetstorm.news/files/id/176124 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6296 – osCommerce Instant Message compare cross site scripting
https://notcve.org/view.php?id=CVE-2023-6296
26 Nov 2023 — A vulnerability was found in osCommerce 4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /catalog/compare of the component Instant Message Handler. The manipulation of the argument compare with the input 40dz4iq"><script>alert(1)</script>zohkx leads to cross site scripting. The attack may be launched remotely. • https://packetstorm.news/files/id/175925 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •