Website Seller Script
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-6928 | Cri | 0.64 | 9.8 | 0.02 | Feb 13, 2018 | PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term. | ||
| CVE-2018-11501 | Hig | 0.57 | 8.8 | 0.01 | May 26, 2018 | PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS. | ||
| CVE-2018-6879 | Hig | 0.57 | 8.8 | 0.01 | Apr 12, 2018 | PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code. | ||
| CVE-2018-15897 | Med | 0.42 | 6.5 | 0.01 | Aug 28, 2018 | PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated by crossPwn. | ||
| CVE-2018-16456 | Med | 0.40 | 6.1 | 0.01 | Oct 4, 2018 | PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a keyword. NOTE: This may overlap with CVE-2018-6870 which has XSS via the Listings Search feature. | ||
| CVE-2018-6870 | Med | 0.40 | 6.1 | 0.01 | Apr 12, 2018 | Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature. | ||
| CVE-2018-15896 | Med | 0.35 | 5.4 | 0.01 | Aug 28, 2018 | PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name. | ||
| CVE-2018-6900 | Med | 0.35 | 5.4 | 0.01 | Apr 12, 2018 | PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page. | ||
| CVE-2018-20631 | 0.00 | — | 0.02 | Mar 20, 2019 | PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file. | |||
| CVE-2018-20530 | 0.00 | — | 0.01 | Dec 27, 2018 | PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896. |
- risk 0.64cvss 9.8epss 0.02
PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code.
- risk 0.42cvss 6.5epss 0.01
PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated by crossPwn.
- risk 0.40cvss 6.1epss 0.01
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a keyword. NOTE: This may overlap with CVE-2018-6870 which has XSS via the Listings Search feature.
- risk 0.40cvss 6.1epss 0.01
Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page.
- CVE-2018-20631Mar 20, 2019risk 0.00cvss —epss 0.02
PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file.
- CVE-2018-20530Dec 27, 2018risk 0.00cvss —epss 0.01
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896.