Oscommerce
This hub aggregates every CVE we track for Oscommerce, a product in the web CMS plugins space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 78
- Critical: 2
- High: 14
- In CISA KEV: 0
Severity distribution
- MEDIUM: 61
- HIGH: 14
- CRITICAL: 2
- LOW: 1
Monthly trend
[Chart: monthly CVE counts, 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting Oscommerce.
- CVE-2019-25497: osCommerce 2.3.4.1 SQL Injection via currency Parameter (score: 8.2)
- CVE-2019-25496: osCommerce 2.3.4.1 SQL Injection via products_id Parameter (score: 8.2)
- CVE-2019-25495: osCommerce 2.3.4.1 SQL Injection via reviews_id Parameter (score: 8.2)
- CVE-2024-22724: An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature. (score: 6.6)
- CVE-2023-6609: osCommerce all-products cross site scripting (score: 3.5)
- CVE-2023-6579: osCommerce POST Parameter shopping-cart sql injection (score: 7.3)
- CVE-2023-6296: osCommerce Instant Message compare cross site scripting (score: 4.3)
- CVE-2023-5112: Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) (score: 5.4)
- CVE-2023-5111: Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) (score: 5.4)
- CVE-2023-43735: Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) (score: 5.4)
- CVE-2023-43734: Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) (score: 5.4)
- CVE-2023-43733: Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) (score: 5.4)
- CVE-2023-43732: Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) (score: 5.4)
- CVE-2023-43731: Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) (score: 5.4)
- CVE-2023-43730: Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) (score: 5.4)
Product normalization is registry-driven with AI assist and human review.