Filtered by vendor Oscommerce
Subscribe
Total
50 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0458 | 1 Oscommerce | 1 Oscommerce | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote attackers to inject arbitrary web script or HTML via the enquiry parameter. | |||||
| CVE-2012-2991 | 2 Oscommerce, Paypal | 2 Online Merchant, Website Payments Standard Module | 2013-03-01 | 5.0 MEDIUM | N/A |
| The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self. | |||||
| CVE-2003-1219 | 1 Oscommerce | 1 Oscommerce | 2012-12-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter. | |||||
| CVE-2012-5798 | 2 Oscommerce, Paypal | 2 Oscommerce, Payflow Pro Express Checkout | 2012-11-05 | 5.8 MEDIUM | N/A |
| The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-1792 | 1 Oscommerce | 1 Online Merchant | 2012-05-27 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, which is not properly handled in an error message. NOTE: this might not be a vulnerability, since the ability to access oscommerce/index.php during installation may already imply administrator privileges. | |||||
| CVE-2012-0311 | 1 Oscommerce | 1 Oscommerce | 2012-02-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-0312 | 1 Oscommerce | 2 Online Merchant, Oscommerce | 2012-02-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2002-2019 | 1 Oscommerce | 1 Oscommerce | 2011-06-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter. | |||||
| CVE-2006-6534 | 1 Oscommerce | 1 Oscommerce | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID parameter to admin/languages_definitions.php, or the (4) pID parameter to admin/products.php. | |||||
| CVE-2002-1991 | 1 Oscommerce | 1 Oscommerce | 2008-09-04 | 7.5 HIGH | N/A |
| PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php. | |||||