Advance B2b Script
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-17602 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2017 | Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter. | ||
| CVE-2018-20633 | Hig | 0.57 | 8.8 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | ||
| CVE-2018-20634 | Med | 0.42 | 6.5 | 0.02 | Mar 21, 2019 | PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (changed Page structure) via JavaScript code in the First Name field. | ||
| CVE-2018-20632 | Med | 0.35 | 5.4 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field. | ||
| CVE-2018-20635 | Med | 0.28 | 4.3 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. |
- risk 0.67cvss 9.8epss 0.03
Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
- risk 0.42cvss 6.5epss 0.02
PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (changed Page structure) via JavaScript code in the First Name field.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field.
- risk 0.28cvss 4.3epss 0.01
PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.