VYPR

Vendor CVEs

Iscripts

All CVEs

31 total · sorted by risk
  • CVE-2018-11373CriMay 22, 2018
    risk 0.64cvss 9.8epss 0.01

    iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.

  • CVE-2018-11372CriMay 22, 2018
    risk 0.64cvss 9.8epss 0.01

    iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.

  • CVE-2018-11470HigMay 25, 2018
    risk 0.57cvss 8.8epss 0.01

    iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.

  • CVE-2018-10137HigApr 16, 2018
    risk 0.57cvss 8.8epss 0.01

    iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI.

  • CVE-2018-10048HigApr 11, 2018
    risk 0.57cvss 8.8epss 0.01

    iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel.

  • CVE-2019-25481HigMar 12, 2026
    risk 0.53cvss 8.2epss 0.00

    iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads…

  • CVE-2018-10050HigApr 11, 2018
    risk 0.47cvss 7.2epss 0.01

    iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel.

  • CVE-2018-9235MedApr 4, 2018
    risk 0.43cvss 6.1epss 0.03

    iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php.

  • CVE-2018-10136MedApr 16, 2018
    risk 0.40cvss 6.1epss 0.01

    iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI.

  • CVE-2018-10135MedApr 16, 2018
    risk 0.40cvss 6.1epss 0.01

    iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel.

  • CVE-2018-9237MedApr 4, 2018
    risk 0.38cvss 5.4epss 0.02

    iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field.

  • CVE-2018-9236MedApr 4, 2018
    risk 0.38cvss 5.4epss 0.02

    iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field.

  • CVE-2025-62117MedDec 31, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Jayce53 EasyIndex easyindex allows Cross Site Request Forgery.This issue affects EasyIndex: from n/a through <= 1.1.1704.

  • CVE-2018-10051MedApr 11, 2018
    risk 0.35cvss 5.4epss 0.01

    iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter.

  • CVE-2018-10052MedApr 11, 2018
    risk 0.31cvss 4.8epss 0.01

    iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter.

  • CVE-2018-10049MedApr 11, 2018
    risk 0.31cvss 4.8epss 0.01

    iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel.

  • CVE-2013-7190Dec 20, 2013
    risk 0.03cvss epss 0.04

    Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to…

  • CVE-2013-7189Dec 20, 2013
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter…

  • CVE-2010-5036Nov 2, 2011
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.

  • CVE-2010-5035Nov 2, 2011
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information.

  • CVE-2010-5034Nov 2, 2011
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter.

  • CVE-2010-4983Nov 1, 2011
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2010-4980Nov 1, 2011
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.

  • CVE-2010-2853Jul 25, 2010
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id parameter.

  • CVE-2010-2624Jul 2, 2010
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php.

  • CVE-2008-4169Sep 22, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote attackers to execute arbitrary SQL commands via the produid parameter.

  • CVE-2008-1859Apr 16, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.

  • CVE-2008-1790Apr 15, 2008
    risk 0.03cvss epss 0.01

    Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.

  • CVE-2008-1772Apr 14, 2008
    risk 0.03cvss epss 0.02

    iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information.

  • CVE-2008-0911Feb 22, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter.

  • CVE-2007-5261Oct 6, 2007
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php.