Oscommerce
cpe:2.3:a:oscommerce:oscommerce:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Oscommerce (098fcb3a-981f-5eec-92bc-f7a3c45bbae2) |
|---|---|
| Product | Oscommerce (f05e8607-2cd4-5ed2-8937-7df3644c7cce) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/oscommerce/oscommerce | purl2cpe | 2026-06-01 10:12:48.795621 |
| pkg:github/oscommerce/oscommerce2 | purl2cpe | 2026-06-01 10:12:48.795625 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-40674 | vulnerable | 2026-06-08 07:25:05.361268 | Reflected Cross-Site Scripting (XSS) in osCommerce<br>Reflected Cross-Site Scripting (XSS) in osCommerce v4. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the name of any parameter in /watch/en/about-us. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.<br>Published: 2025-06-17T08:50:17.363Z<br>Updated: 2025-06-17T14:31:48.511Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-35212 | vulnerable | 2026-06-08 05:46:04.269981 | osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the function tep_db_error().<br>Published: 2022-08-18T19:30:23.000Z<br>Updated: 2024-08-03T09:29:17.471Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-25497 | vulnerable | 2026-06-08 05:13:42.447197 | osCommerce 2.3.4.1 SQL Injection via currency Parameter<br>HIGH (8.2)<br>osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with malicious currency values using boolean-based SQL injection payloads to extract sensitive database information.<br>Published: 2026-02-27T17:23:38.536Z<br>Updated: 2026-04-07T14:04:45.609Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-25496 | vulnerable | 2026-06-08 05:13:42.446819 | osCommerce 2.3.4.1 SQL Injection via products_id Parameter<br>HIGH (8.2)<br>osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can modify the products_id value in product_info.php requests and append boolean-based SQL injection payloads to extract sensitive database information.<br>Published: 2026-02-27T17:23:37.732Z<br>Updated: 2026-04-07T14:04:44.882Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-25495 | vulnerable | 2026-06-08 05:13:42.444804 | osCommerce 2.3.4.1 SQL Injection via reviews_id Parameter<br>HIGH (8.2)<br>osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can send GET requests to product_reviews_write.php with malicious reviews_id values using boolean-based SQL injection payloads to extract sensitive database information.<br>Published: 2026-02-27T17:23:36.955Z<br>Updated: 2026-04-07T14:04:44.088Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2015-2965 | vulnerable | 2026-06-08 05:06:36.313512 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2009-20006 | vulnerable | 2026-06-08 04:51:26.055885 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2006-5190 | vulnerable | 2026-06-08 04:49:19.918169 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2003-1219 | vulnerable | 2026-06-08 04:47:23.696292 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |