GCVE - cpe:2.3:a:oscommerce:online_merchant:2.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:oscommerce:online_merchant:2.2:*:*:*:*:*:*:*

part: a version: 2.2 update: *

Vendor	Oscommerce (`098fcb3a-981f-5eec-92bc-f7a3c45bbae2`)
Product	Online Merchant (`e01c5edd-bf02-507b-80cc-a85ee5ddbfba`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/oscommerce/oscommerce`	purl2cpe	2026-06-01 10:12:48.813232
`pkg:github/oscommerce/oscommerce2`	purl2cpe	2026-06-01 10:12:48.813235

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-2935`	vulnerable	2026-06-08 05:02:07.291226	Details available Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-2012-1059. Published: 2012-05-27T19:00:00.000Z Updated: 2024-08-06T19:50:05.106Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/75900 https://github.com/osCommerce/oscommerce/commit/a5aeb0448cc333cc4b801c0e01981b218fd9c7df	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-1792`	vulnerable	2026-06-08 05:00:50.961001	Details available Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, which is not properly handled in an error message. NOTE: this might not be a vulnerability, since the ability to access oscommerce/index.php during installation may already imply administrator privileges. Published: 2012-05-27T19:00:00.000Z Updated: 2024-09-16T22:25:24.576Z Open on db.gcve.eu Reference links https://www.trustwave.com/spiderlabs/advisories/TWSL2012-005.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-0312`	vulnerable	2026-06-08 05:00:40.638449	Details available Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2012-01-26T15:00:00.000Z Updated: 2024-09-16T23:57:01.363Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2012-000005 http://sourceforge.jp/forum/forum.php?forum_id=28119 http://jvn.jp/en/jp/JVN64386898/index.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.