Known Vulnerabilities for products from Oscommerce
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Oscommerce".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-25119 | Not Provided | | 2025-03-03 | 2026-04-01 |
| CVE-2020-29070 | osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsle... | 4.8 - MEDIUM | 2020-11-25 | 2020-11-27 |
| CVE-2020-27976 | osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can b... | 9.8 - CRITICAL | 2020-10-28 | 2020-10-29 |
| CVE-2020-27975 | osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF. | 8.8 - HIGH | 2020-10-28 | 2020-10-29 |
| CVE-2020-23360 | oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can... | 9.8 - CRITICAL | 2021-01-27 | 2021-02-02 |
| CVE-2020-12058 | Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScr... | 6.1 - MEDIUM | 2020-09-03 | 2020-09-11 |
| CVE-2018-18966 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog... | 4.9 - MEDIUM | 2018-11-06 | 2020-08-24 |
| CVE-2018-18965 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog... | 4.9 - MEDIUM | 2018-11-06 | 2020-08-24 |
| CVE-2018-18964 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog... | 4.9 - MEDIUM | 2018-11-06 | 2020-08-24 |
| CVE-2018-18573 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administ... | 7.2 - HIGH | 2019-08-22 | 2019-08-28 |
| CVE-2018-18572 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, scrip... | 7.2 - HIGH | 2019-08-22 | 2019-08-29 |
| CVE-2015-2965 | Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to... | 4 - MEDIUM | 2015-06-28 | 2016-12-03 |
| CVE-2014-10033 | SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 ... | 6.5 - MEDIUM | 2015-01-13 | 2017-09-08 |
| CVE-2012-5798 | The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject'... | 5.8 - MEDIUM | 2012-11-04 | 2012-11-05 |
| CVE-2012-5797 | The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's C... | 5.8 - MEDIUM | 2012-11-04 | 2017-08-29 |
| CVE-2012-5796 | The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Na... | 5.8 - MEDIUM | 2012-11-04 | 2017-08-29 |
| CVE-2012-5795 | The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Commo... | 5.8 - MEDIUM | 2012-11-04 | 2017-08-29 |
| CVE-2012-5794 | The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common ... | 5.8 - MEDIUM | 2012-11-04 | 2017-08-29 |
| CVE-2012-5793 | The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common... | 5.8 - MEDIUM | 2012-11-04 | 2017-08-29 |
| CVE-2012-5792 | The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Comm... | 5.8 - MEDIUM | 2012-11-04 | 2017-08-29 |
Known software with vulnerabilities from Oscommerce
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Oscommerce | Ce Phoenix | 1.0.6.0 |
| Application | Oscommerce | Online Merchant | 2.3 |
| Application | Oscommerce | Oscommerce | - |