osCommerce Online Merchant 2.3.4.1

CPE Details

2019-09-26
15h57 +00:00
2019-09-26
15h57 +00:00

CPE Name: cpe:2.3:a:oscommerce:online_merchant:2.3.4.1:*:*:*:*:*:*:*

Information

Vendor

oscommerce

Product

online_merchant

Version

2.3.4.1

Related CVE


| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2018-18964 | 2018-11-06 03h00 +00:00 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in which contained HTML can be executed, such as the svg extension. | 4.9 | Medium |
| CVE-2018-18965 | 2018-11-06 03h00 +00:00 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename). | 4.9 | Medium |
| CVE-2018-18966 | 2018-11-06 03h00 +00:00 | osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer renders HTML elements in a .eml file. | 4.9 | Medium |
| CVE-2012-1792 | 2012-05-27 19h00 +00:00 | Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, which is not properly handled in an error message. NOTE: this might not be a vulnerability, since the ability to access oscommerce/index.php during installation may already imply administrator privileges. | 2.6 | |
| CVE-2012-2935 | 2012-05-27 17h00 +00:00 | Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-2012-1059. | 4.3 | |
| CVE-2008-4765 | 2008-10-28 00h00 +00:00 | SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect. | 7.5 | |