CVE-2020-29070
MEDIUM
osCommerce 2.3.4.1 - Authenticated Stored Cross-Site Scripting in Newsletter Title
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-29070. PoCs published by aslanemre.
AI-analyzed exploit summary: The repository contains only a minimal README with a title and no technical details or exploit code. It is a placeholder with no substantive content related to CVE-2020-29070.
Description
osCommerce 2.3.4.1 has an XSS vulnerability: an authenticated user can enter an XSS payload into the title section of newsletters.
Exploits (1)
nomisec
STUB
2 stars
by aslanemre · poc
https://github.com/aslanemre/cve-2020-29070
Classification: Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 19, 2026
References (3)
Core 3
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/gburton/CE-Phoenix/commits/master
Release Notes, Vendor Advisory x_refsource_misc
https://forums.oscommerce.com/forum/17-news-and-announcements/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/aslanemre/cve-2020-29070/blob/main/CVE-2020-29070
Scores
CVSS v3: 4.8
EPSS: 0.0049
EPSS Percentile: 65.8%
Attack Vector: NETWORK
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (1): oscommerce/oscommerce 2.3.4.1
Published: Nov 25, 2020
Tracked Since: Feb 18, 2026