Known Vulnerabilities for Online Merchant by Oscommerce
Listed below are 10 of the newest known vulnerabilities associated with "Online Merchant" by "Oscommerce".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2018-18966 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog... | 4.9 - MEDIUM | 2018-11-06 | 2020-08-24 |
| CVE-2018-18965 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog... | 4.9 - MEDIUM | 2018-11-06 | 2020-08-24 |
| CVE-2018-18964 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog... | 4.9 - MEDIUM | 2018-11-06 | 2020-08-24 |
| CVE-2014-10033 | SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 ... | 6.5 - MEDIUM | 2015-01-13 | 2017-09-08 |
| CVE-2012-2991 | The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote at... | 5 - MEDIUM | 2012-09-19 | 2013-03-02 |
| CVE-2012-2935 | Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce On... | 4.3 - MEDIUM | 2012-05-27 | 2017-08-29 |
| CVE-2012-1792 | Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce O... | 2.6 - LOW | 2012-05-27 | 2012-05-28 |
| CVE-2012-1059 | Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online... | 4.3 - MEDIUM | 2012-02-14 | 2017-08-29 |
| CVE-2012-0312 | Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows... | 4.3 - MEDIUM | 2012-01-26 | 2012-02-06 |
| CVE-2008-4765 | SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary... | 7.5 - HIGH | 2008-10-28 | 2017-09-29 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Oscommerce | Online Merchant | 3.0.2 | All | All | All |
| Application | Oscommerce | Online Merchant | 3.0.1 | All | All | All |
| Application | Oscommerce | Online Merchant | 3.0 | All | All | All |
| Application | Oscommerce | Online Merchant | 2.4.2 | All | All | All |
| Application | Oscommerce | Online Merchant | 2.4.1 | All | All | All |
| Application | Oscommerce | Online Merchant | 2.4.0 | All | All | All |
| Application | Oscommerce | Online Merchant | 2.3.4.1 | All | All | All |
| Application | Oscommerce | Online Merchant | 2.3.4 | All | All | All |
| Application | Oscommerce | Online Merchant | 2.3.3.4 | All | All | All |
| Application | Oscommerce | Online Merchant | 2.3.3.3 | All | All | All |
| Application | Oscommerce | Online Merchant | 2.3.3.2 | All | All | All |
| Application | Oscommerce | Online Merchant | 2.3.3.1 | All | All | All |
| Application | Oscommerce | Online Merchant | 2.3.3 | All | All | All |
| Application | Oscommerce | Online Merchant | 2.3.2 | All | All | All |
| Application | Oscommerce | Online Merchant | 2.3.1 | All | All | All |
| Application | Oscommerce | Online Merchant | 2.3.0 | All | All | All |
| Application | Oscommerce | Online Merchant | 2.3 | All | All | All |