Oxid-Esales Oxideshop-Ce vulnerabilities
2 known vulnerabilities affecting oxid-esales/oxideshop-ce.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2015-6926P3HIGH≥ 0, < 4.5.02022-05-13
CVE-2015-6926 [HIGH] CWE-287 OXID eShop user impersonation vulnerability
OXID eShop user impersonation vulnerability
The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token.
ghsaosv
CVE-2024-56526P4HIGH≥ 0, ≤ 7.0.52025-05-13
CVE-2024-56526 [HIGH] CWE-200 OXID eShop May Display User Information
OXID eShop May Display User Information
An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error.
ghsaosv