Every CVE whose affected-product data names Oxid-esales Eshop, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2018-20715 — CVSS 9.8 (critical): The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the…
CVE-2019-13026 — CVSS 9.8 (critical): OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This…
CVE-2019-17062 — CVSS 8.8 (high): An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID…
CVE-2018-12579 — CVSS 8.1 (high): An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition…
CVE-2017-12415 — CVSS 7.5 (high): OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x before 4.10.5 (maintenance), and 4.9.x before 4.9.10 (legacy)…
CVE-2017-14993 — CVSS 7.5 (high): OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy)…
CVE-2015-6926 — CVSS 7.5 (high): The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the…
CVE-2018-5763 — CVSS 5.9 (medium): An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker…
CVE-2014-4919 — CVSS 5.4 (medium): OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and…
CVE-2023-38330 — CVSS 5.3 (medium): OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An…
CVE-2024-56526 — CVSS 4.9 (medium): An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a…
CVE-2014-2016 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and earlier, 4.7.x before…
CVE-2013-5913 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the getRecommSearch function in recommlist.php in OXID eShop before 4.6.7, Professional and…