CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-18966

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer render HTML elements in a .eml file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.8%

CVSS Severity

CVSS v3 Score 4.9

CVSS v2 Score 4.0

References

https://github.com/osCommerce/oscommerce2/issues/631
https://github.com/osCommerce/oscommerce2/issues/631

Products affected by CVE-2018-18966

Microsoft » Internet Explorer » Version: N/A

cpe:2.3:a:microsoft:internet_explorer:-
Oscommerce » Online Merchant » Version: 2.3.4.1

cpe:2.3:a:oscommerce:online_merchant:2.3.4.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-18966

Products

Pricing

Contact Us