osCommerce osCommerce 2.2 ms2
Approved changes feed: RSS · Atom
cpe:2.3:a:oscommerce:oscommerce:2.2_ms2:*:*:*:*:*:*:*
part: a version: 2.2_ms2 update: *
| Vendor | Oscommerce (098fcb3a-981f-5eec-92bc-f7a3c45bbae2) |
|---|---|
| Product | Oscommerce (f05e8607-2cd4-5ed2-8937-7df3644c7cce) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/oscommerce/oscommerce |
purl2cpe | 2026-06-01 10:12:48.795722 |
pkg:github/oscommerce/oscommerce2 |
purl2cpe | 2026-06-01 10:12:48.795724 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2006-5190 |
vulnerable | 2026-06-08 04:49:19.922849 |
Details available
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php.
Published: 2006-10-06T19:00:00.000Z
Updated: 2024-08-07T19:41:05.006Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2005-2330 |
vulnerable | 2026-06-08 04:48:28.989889 |
Details available
Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote attackers to read arbitrary files via (1) .. sequences or (2) a full pathname in the readme_file parameter.
Published: 2005-07-20T04:00:00.000Z
Updated: 2024-08-07T22:22:48.646Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2005-1951 |
vulnerable | 2026-06-08 04:48:27.956989 |
Details available
Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php.
Published: 2005-06-14T04:00:00.000Z
Updated: 2024-08-07T22:06:57.813Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2005-0458 |
vulnerable | 2026-06-08 04:48:12.691366 |
Details available
Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote attackers to inject arbitrary web script or HTML via the enquiry parameter.
Published: 2005-02-17T05:00:00.000Z
Updated: 2024-08-07T21:13:54.238Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2004-2021 |
vulnerable | 2026-06-08 04:48:08.321111 |
Details available
Directory traversal vulnerability in file_manager.php in osCommerce 2.2 allows remote attackers to view arbitrary files via a .. (dot dot) in the filename argument.
Published: 2005-05-10T04:00:00.000Z
Updated: 2024-08-08T01:15:01.145Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.