CVE Tools

oscommerce

Web & CMS Pluginsoss-project

65

Cumulative CVEs

15

Monthly snapshots

#19

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting oscommerce.

CVE-2019-25497osCommerce 2.3.4.1 SQL Injection via currency Parameter8.2Feb 27, 2026
CVE-2019-25496osCommerce 2.3.4.1 SQL Injection via products_id Parameter8.2Feb 27, 2026
CVE-2019-25495osCommerce 2.3.4.1 SQL Injection via reviews_id Parameter8.2Feb 27, 2026
CVE-2024-22724An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature.6.6Mar 21, 2024
CVE-2023-6609osCommerce all-products cross site scripting3.5Dec 8, 2023
CVE-2023-6579osCommerce POST Parameter shopping-cart sql injection7.3Dec 7, 2023
CVE-2023-6296osCommerce Instant Message compare cross site scripting4.3Nov 26, 2023
CVE-2023-5112Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)5.4Sep 30, 2023
CVE-2023-5111Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)5.4Sep 30, 2023
CVE-2023-43735Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)5.4Sep 30, 2023
CVE-2023-43734Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)5.4Sep 30, 2023
CVE-2023-43733Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)5.4Sep 30, 2023
CVE-2023-43732Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)5.4Sep 30, 2023
CVE-2023-43731Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)5.4Sep 30, 2023
CVE-2023-43730Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)5.4Sep 30, 2023