iScripts
Products
14
- 9 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
31

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-11373 | | Cri | 0.64 | 9.8 | 0.01 | | May 22, 2018 | iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter. |
| CVE-2018-11372 | | Cri | 0.64 | 9.8 | 0.01 | | May 22, 2018 | iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter. |
| CVE-2018-11470 | | Hig | 0.57 | 8.8 | 0.01 | | May 25, 2018 | iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel. |
| CVE-2018-10137 | | Hig | 0.57 | 8.8 | 0.01 | | Apr 16, 2018 | iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI. |
| CVE-2018-10048 | | Hig | 0.57 | 8.8 | 0.01 | | Apr 11, 2018 | iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel. |
| CVE-2019-25481 | | Hig | 0.53 | 8.2 | 0.00 | | Mar 12, 2026 | iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads… |
| CVE-2018-10050 | | Hig | 0.47 | 7.2 | 0.01 | | Apr 11, 2018 | iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel. |
| CVE-2018-9235 | | Med | 0.43 | 6.1 | 0.03 | | Apr 4, 2018 | iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php. |
| CVE-2018-10136 | | Med | 0.40 | 6.1 | 0.01 | | Apr 16, 2018 | iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI. |
| CVE-2018-10135 | | Med | 0.40 | 6.1 | 0.01 | | Apr 16, 2018 | iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel. |
| CVE-2018-9237 | | Med | 0.38 | 5.4 | 0.02 | | Apr 4, 2018 | iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field. |
| CVE-2018-9236 | | Med | 0.38 | 5.4 | 0.02 | | Apr 4, 2018 | iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field. |
| CVE-2025-62117 | | Med | 0.35 | 5.4 | 0.00 | | Dec 31, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Jayce53 EasyIndex easyindex allows Cross Site Request Forgery. This issue affects EasyIndex: from n/a through <= 1.1.1704. |
| CVE-2018-10051 | | Med | 0.35 | 5.4 | 0.01 | | Apr 11, 2018 | iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter. |
| CVE-2018-10052 | | Med | 0.31 | 4.8 | 0.01 | | Apr 11, 2018 | iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter. |
| CVE-2018-10049 | | Med | 0.31 | 4.8 | 0.01 | | Apr 11, 2018 | iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel. |
| CVE-2013-7190 | | | 0.03 | — | 0.04 | | Dec 20, 2013 | Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to… |
| CVE-2013-7189 | | | 0.03 | — | 0.01 | | Dec 20, 2013 | Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter… |
| CVE-2010-5036 | | | 0.03 | — | 0.01 | | Nov 2, 2011 | SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. |
| CVE-2010-5035 | | | 0.03 | — | 0.02 | | Nov 2, 2011 | Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information. |