VYPR

Online Market Place Site

by Sourcecodester

CVEs (4)

  • CVE-2022-30004Sep 26, 2022
    risk 0.00cvss epss 0.01

    Sourcecodester Online Market Place Site v1.0 suffers from an unauthenticated blind SQL Injection Vulnerability allowing remote attackers to dump the SQL database via time-based SQL injection..

  • CVE-2022-30003Sep 26, 2022
    risk 0.00cvss epss 0.00

    Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Site Scripting (XSS), allowing attackers to register as a Seller then create new products containing XSS payloads in the 'Product Title' and 'Short Description' fields.

  • CVE-2022-29627May 27, 2022
    risk 0.00cvss epss 0.01

    An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers.

  • CVE-2022-29628May 27, 2022
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web cripts or HTML via a crafted payload injected into the Page parameter.