GCVE - cpe:2.3:a:oscommerce:online_merchant:2.3.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:oscommerce:online_merchant:2.3.1:*:*:*:*:*:*:*

part: a version: 2.3.1 update: *

Vendor	Oscommerce (`098fcb3a-981f-5eec-92bc-f7a3c45bbae2`)
Product	Online Merchant (`e01c5edd-bf02-507b-80cc-a85ee5ddbfba`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/oscommerce/oscommerce`	purl2cpe	2026-06-01 10:12:48.813243
`pkg:github/oscommerce/oscommerce2`	purl2cpe	2026-06-01 10:12:48.813245

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-2991`	vulnerable	2026-06-08 05:02:07.563315	Details available The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self. Published: 2012-09-19T19:00:00.000Z Updated: 2024-08-06T19:50:05.382Z Open on db.gcve.eu Reference links http://www.kb.cert.org/vuls/id/459446 http://secunia.com/advisories/50640	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2935`	vulnerable	2026-06-08 05:02:07.292319	Details available Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-2012-1059. Published: 2012-05-27T19:00:00.000Z Updated: 2024-08-06T19:50:05.106Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/75900 https://github.com/osCommerce/oscommerce/commit/a5aeb0448cc333cc4b801c0e01981b218fd9c7df	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-1792`	vulnerable	2026-06-08 05:00:50.962639	Details available Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, which is not properly handled in an error message. NOTE: this might not be a vulnerability, since the ability to access oscommerce/index.php during installation may already imply administrator privileges. Published: 2012-05-27T19:00:00.000Z Updated: 2024-09-16T22:25:24.576Z Open on db.gcve.eu Reference links https://www.trustwave.com/spiderlabs/advisories/TWSL2012-005.txt	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.