GCVE - cpe:2.3:a:oscommerce:oscommerce:1.13:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:oscommerce:oscommerce:1.13:*:*:*:*:*:*:*

part: a version: 1.13 update: *

Vendor	Oscommerce (`098fcb3a-981f-5eec-92bc-f7a3c45bbae2`)
Product	Oscommerce (`f05e8607-2cd4-5ed2-8937-7df3644c7cce`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/oscommerce/oscommerce`	purl2cpe	2026-06-01 10:12:48.795682
`pkg:github/oscommerce/oscommerce2`	purl2cpe	2026-06-01 10:12:48.795683

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2006-5190`	vulnerable	2026-06-08 04:49:19.920796	Details available Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php. Published: 2006-10-06T19:00:00.000Z Updated: 2024-08-07T19:41:05.006Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/28750/ http://www.osvdb.org/29801 https://www.exploit-db.com/exploits/28746/ http://www.osvdb.org/29803 http://www.vupen.com/english/advisories/2006/3917	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-4677`	not_vulnerable	2026-06-08 04:48:44.673849	Details available SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the products_id parameter to product_info.php. Published: 2006-02-01T02:00:00.000Z Updated: 2024-08-07T23:53:28.523Z Open on db.gcve.eu Reference links http://www.osvdb.org/19874 http://secunia.com/advisories/17082 http://www.securityfocus.com/bid/15023 http://www.vupen.com/english/advisories/2005/1974 http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0124.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.