CVE-2013-5913

Oxid-esales Eshop < 4.6.6 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the getRecommSearch function in recommlist.php in OXID eShop before 4.6.7, Professional and Community Edition 4.7.x before 4.7.8, and Enterprise Edition 5.x before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via the searchrecomm parameter.

References (5)

[Broken Link] http://osvdb.org/98235

[Vendor Advisory] http://secunia.com/advisories/55193

[Vendor Advisory] http://wiki.oxidforge.org/Security_bulletins/2013-001

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/62901

[VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/87760

Scores

EPSS 0.0043

EPSS Percentile 62.6%

Details

CWE

CWE-79

Status published

Products (32)

oxid-esales/eshop < 4.6.6

oxid-esales/eshop

oxid-esales/eshop

oxid-esales/eshop

oxid-esales/eshop

oxid-esales/eshop

oxid-esales/eshop

oxid-esales/eshop

oxid-esales/eshop

oxid-esales/eshop

... and 22 more

Published Oct 15, 2013

Tracked Since Feb 18, 2026