osCommerce CE Phoenix 1.0.6.0
Approved changes feed: RSS · Atom
cpe:2.3:a:oscommerce:ce_phoenix:1.0.6.0:*:*:*:*:*:*:*
part: a version: 1.0.6.0 update: *
| Vendor | Oscommerce (098fcb3a-981f-5eec-92bc-f7a3c45bbae2) |
|---|---|
| Product | Ce Phoenix (1c17f020-1ff4-5c30-af5b-7f4227111bb2) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/ce-phoenixcart/phoenixcart |
purl2cpe | 2026-06-01 10:12:48.791175 |
pkg:github/gburton/ce-phoenix |
purl2cpe | 2026-06-01 10:12:48.791178 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-12058 |
vulnerable | 2026-06-08 05:17:56.305216 |
Details available
Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php, catalog/admin/languages.php, catalog/admin/countries.php, catalog/admin/tax_classes.php, catalog/admin/reviews.php, or catalog/admin/zones.php; or the zpage or spage parameter to catalog/admin/geo_zones.php.
Published: 2020-09-03T13:09:48.000Z
Updated: 2024-08-04T11:48:57.825Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.