gburton/CE-Phoenix

Releases: 30
Frequency: 2 months 2 weeks
Last Release
Stars: 130
WE KEPT OSCOMMERCE ALIVE, but now this Repo is defunct. Please see the new Repo URL listed below.

CVE History

CVE | Published | CVSS v3 | CVSS v2
CVSS v3: 4.8 MEDIUM, CVSS v2: 3.5 LOW

osCommerce 2.3.4.1 has an XSS vulnerability via an authenticated user entering the XSS payload into the title section of newsletters.

CVSS v3: 6.1 MEDIUM, CVSS v2: 4.3 MEDIUM

Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php, catalog/admin/languages.php, catalog/admin/countries.php, catalog/admin/tax_classes.php, catalog/admin/reviews.php, or catalog/admin/zones.php; or the zpage or spage parameter to catalog/admin/geo_zones.php.