CVE-2014-2016

OXID eShop <4.7.11, <4.8.4, <5.0.11, <5.1.4 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and earlier, 4.7.x before 4.7.11, and 4.8.x before 4.8.4, and Enterprise Edition 4.6.8 and earlier, 5.0.x before 5.0.11 and 5.1.x before 5.1.4 allow remote attackers to inject arbitrary web script or HTML via the searchtag parameter to the getTag function in (1) application/controllers/details.php or (2) application/controllers/tag.php.

Exploits (1)

exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/32375

References (2)

Scores

EPSS 0.0059
EPSS Percentile 69.0%

Details

CWE
CWE-79
Status published
Products (4)
oxid-esales/eshop < 4.6.8
oxid-esales/eshop < 4.6.8
oxid-esales/eshop < 4.6.8
n/a/n/a
Published Mar 25, 2014
Tracked Since Feb 18, 2026