Oscommerce Online Merchant — known CVE vulnerabilities
Every CVE whose affected-product data names Oscommerce Online Merchant, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2014-10033 — CVSS 6.5 (medium): SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier…
CVE-2012-2991 — CVSS 5.0 (medium): The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set…
CVE-2018-18966 — CVSS 4.9 (medium): osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans…
CVE-2018-18964 — CVSS 4.9 (medium): osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans…
CVE-2018-18965 — CVSS 4.9 (medium): osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans…
CVE-2012-1059 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant…
CVE-2012-0312 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote…
CVE-2012-2935 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant…
CVE-2012-1792 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant…