Vendor CVEs
PHP Scripts Mall
All CVEs
145 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-7434 | Med | 0.42 | 6.5 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory. | ||
| CVE-2019-7431 | Med | 0.42 | 6.5 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory. | ||
| CVE-2019-7429 | Med | 0.42 | 6.5 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory. | ||
| CVE-2018-20647 | Med | 0.42 | 6.5 | 0.02 | Mar 21, 2019 | PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory. | ||
| CVE-2018-20646 | Med | 0.42 | 6.5 | 0.02 | Mar 21, 2019 | PHP Scripts Mall Basic B2B Script 2.0.9 has has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory. | ||
| CVE-2018-20643 | Med | 0.42 | 6.5 | 0.02 | Mar 21, 2019 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | ||
| CVE-2018-20642 | Med | 0.42 | 6.5 | 0.02 | Mar 21, 2019 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service (outage of profile editing) via crafted JavaScript code in the KeySkills field. | ||
| CVE-2018-20638 | Med | 0.42 | 6.5 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | ||
| CVE-2018-20637 | Med | 0.42 | 6.5 | 0.02 | Mar 21, 2019 | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a denial of service (unrecoverable blank profile) via crafted JavaScript code in the First Name and Last Name field. | ||
| CVE-2018-20634 | Med | 0.42 | 6.5 | 0.02 | Mar 21, 2019 | PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (changed Page structure) via JavaScript code in the First Name field. | ||
| CVE-2018-20626 | Med | 0.42 | 6.5 | 0.02 | Mar 21, 2019 | PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | ||
| CVE-2019-9065 | Med | 0.42 | 6.5 | 0.01 | Feb 23, 2019 | PHP Scripts Mall Custom T-Shirt Ecommerce Script 3.1.1 allows parameter tampering of the payment amount. | ||
| CVE-2019-9063 | Med | 0.42 | 6.5 | 0.01 | Feb 23, 2019 | PHP Scripts Mall Auction website script 2.0.4 allows parameter tampering of the payment amount. | ||
| CVE-2018-15897 | Med | 0.42 | 6.5 | 0.01 | Aug 28, 2018 | PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated by crossPwn. | ||
| CVE-2018-15188 | Med | 0.42 | 6.5 | 0.01 | Aug 10, 2018 | PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile. | ||
| CVE-2018-15185 | Med | 0.42 | 6.5 | 0.01 | Aug 10, 2018 | PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 allows remote attackers to cause a denial of service (page update outage) via crafted PHP and JavaScript code in the "Current Position" field. | ||
| CVE-2019-20336 | Med | 0.40 | 6.1 | 0.01 | Jan 5, 2020 | In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS. | ||
| CVE-2019-1010028 | Med | 0.40 | 6.1 | 0.01 | Jul 15, 2019 | phpscriptsmall.com School College Portal with ERP Script 2.6.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attack administrators and teachers, students and more. The component is: /pro-school/index.php?student/message/send_reply/. The attack vector is:… | ||
| CVE-2019-7554 | Med | 0.40 | 6.1 | 0.01 | Jun 6, 2019 | An issue was discovered in PHP Scripts Mall API Based Travel Booking 3.4.7. There is Reflected XSS via the flight-results.php d2 parameter. | ||
| CVE-2019-7437 | Med | 0.40 | 6.1 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field. | ||
| CVE-2018-20639 | Med | 0.40 | 6.1 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar. | ||
| CVE-2019-8361 | Med | 0.40 | 6.1 | 0.01 | Feb 16, 2019 | PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection. | ||
| CVE-2019-6248 | Med | 0.40 | 6.1 | 0.01 | Jan 13, 2019 | PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the srch parameter, as demonstrated by restaurants-details.php. | ||
| CVE-2018-16456 | Med | 0.40 | 6.1 | 0.01 | Oct 4, 2018 | PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a keyword. NOTE: This may overlap with CVE-2018-6870 which has XSS via the Listings Search feature. | ||
| CVE-2018-16455 | Med | 0.40 | 6.1 | 0.01 | Oct 4, 2018 | PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a keyword. | ||
| CVE-2018-16453 | Med | 0.40 | 6.1 | 0.01 | Oct 4, 2018 | PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the search bar. | ||
| CVE-2018-16326 | Med | 0.40 | 6.1 | 0.01 | Oct 4, 2018 | PHP Scripts Mall Olx Clone 3.4.2 has XSS. | ||
| CVE-2018-15183 | Med | 0.40 | 6.1 | 0.01 | Aug 9, 2018 | PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script 2.0.6 has Stored XSS via the Full Name and Title fields. | ||
| CVE-2018-13256 | Med | 0.40 | 6.1 | 0.01 | Jul 9, 2018 | PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter. | ||
| CVE-2018-6870 | Med | 0.40 | 6.1 | 0.01 | Apr 12, 2018 | Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature. | ||
| CVE-2018-9328 | Med | 0.40 | 6.1 | 0.01 | Apr 5, 2018 | PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from or tag parameter to results.php. | ||
| CVE-2017-17958 | Med | 0.40 | 6.1 | 0.01 | Dec 28, 2017 | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter. | ||
| CVE-2017-17956 | Med | 0.40 | 6.1 | 0.01 | Dec 28, 2017 | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter. | ||
| CVE-2017-17955 | Med | 0.40 | 6.1 | 0.01 | Dec 28, 2017 | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter. | ||
| CVE-2017-17954 | Med | 0.40 | 6.1 | 0.01 | Dec 28, 2017 | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter. | ||
| CVE-2017-17953 | Med | 0.40 | 6.1 | 0.01 | Dec 28, 2017 | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. | ||
| CVE-2017-17907 | Med | 0.40 | 6.1 | 0.01 | Dec 27, 2017 | PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter. | ||
| CVE-2019-7553 | Med | 0.35 | 5.4 | 0.01 | Jun 6, 2019 | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stored XSS in the Profile Update page via the My Name field. | ||
| CVE-2019-7552 | Med | 0.35 | 5.4 | 0.01 | Jun 6, 2019 | An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the the My Profile Section. This is due to lack of sanitization in the Edit Name section. | ||
| CVE-2019-9605 | Med | 0.35 | 5.4 | 0.01 | Mar 29, 2019 | PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture upload. | ||
| CVE-2019-7435 | Med | 0.35 | 5.3 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form. | ||
| CVE-2019-7432 | Med | 0.35 | 5.4 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section. | ||
| CVE-2019-7430 | Med | 0.35 | 5.3 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar. | ||
| CVE-2018-20645 | Med | 0.35 | 5.4 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field. | ||
| CVE-2018-20640 | Med | 0.35 | 5.4 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field. | ||
| CVE-2018-20636 | Med | 0.35 | 5.4 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field. | ||
| CVE-2018-20632 | Med | 0.35 | 5.4 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field. | ||
| CVE-2018-20631 | Med | 0.35 | 5.3 | 0.02 | Mar 21, 2019 | PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file. | ||
| CVE-2018-20630 | Med | 0.35 | 5.3 | 0.02 | Mar 21, 2019 | PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | ||
| CVE-2018-20629 | Med | 0.35 | 5.3 | 0.02 | Mar 21, 2019 | PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. |
- risk 0.42cvss 6.5epss 0.01
PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory.
- risk 0.42cvss 6.5epss 0.01
PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory.
- risk 0.42cvss 6.5epss 0.01
PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory.
- risk 0.42cvss 6.5epss 0.02
PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory.
- risk 0.42cvss 6.5epss 0.02
PHP Scripts Mall Basic B2B Script 2.0.9 has has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory.
- risk 0.42cvss 6.5epss 0.02
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.
- risk 0.42cvss 6.5epss 0.02
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service (outage of profile editing) via crafted JavaScript code in the KeySkills field.
- risk 0.42cvss 6.5epss 0.01
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.
- risk 0.42cvss 6.5epss 0.02
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a denial of service (unrecoverable blank profile) via crafted JavaScript code in the First Name and Last Name field.
- risk 0.42cvss 6.5epss 0.02
PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (changed Page structure) via JavaScript code in the First Name field.
- risk 0.42cvss 6.5epss 0.02
PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
- risk 0.42cvss 6.5epss 0.01
PHP Scripts Mall Custom T-Shirt Ecommerce Script 3.1.1 allows parameter tampering of the payment amount.
- risk 0.42cvss 6.5epss 0.01
PHP Scripts Mall Auction website script 2.0.4 allows parameter tampering of the payment amount.
- risk 0.42cvss 6.5epss 0.01
PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated by crossPwn.
- risk 0.42cvss 6.5epss 0.01
PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile.
- risk 0.42cvss 6.5epss 0.01
PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 allows remote attackers to cause a denial of service (page update outage) via crafted PHP and JavaScript code in the "Current Position" field.
- risk 0.40cvss 6.1epss 0.01
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS.
- risk 0.40cvss 6.1epss 0.01
phpscriptsmall.com School College Portal with ERP Script 2.6.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attack administrators and teachers, students and more. The component is: /pro-school/index.php?student/message/send_reply/. The attack vector is:…
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in PHP Scripts Mall API Based Travel Booking 3.4.7. There is Reflected XSS via the flight-results.php d2 parameter.
- risk 0.40cvss 6.1epss 0.01
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field.
- risk 0.40cvss 6.1epss 0.01
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar.
- risk 0.40cvss 6.1epss 0.01
PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection.
- risk 0.40cvss 6.1epss 0.01
PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the srch parameter, as demonstrated by restaurants-details.php.
- risk 0.40cvss 6.1epss 0.01
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a keyword. NOTE: This may overlap with CVE-2018-6870 which has XSS via the Listings Search feature.
- risk 0.40cvss 6.1epss 0.01
PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a keyword.
- risk 0.40cvss 6.1epss 0.01
PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the search bar.
- risk 0.40cvss 6.1epss 0.01
PHP Scripts Mall Olx Clone 3.4.2 has XSS.
- risk 0.40cvss 6.1epss 0.01
PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script 2.0.6 has Stored XSS via the Full Name and Title fields.
- risk 0.40cvss 6.1epss 0.01
PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter.
- risk 0.40cvss 6.1epss 0.01
Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature.
- risk 0.40cvss 6.1epss 0.01
PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from or tag parameter to results.php.
- risk 0.40cvss 6.1epss 0.01
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter.
- risk 0.40cvss 6.1epss 0.01
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter.
- risk 0.40cvss 6.1epss 0.01
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter.
- risk 0.40cvss 6.1epss 0.01
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter.
- risk 0.40cvss 6.1epss 0.01
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter.
- risk 0.40cvss 6.1epss 0.01
PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stored XSS in the Profile Update page via the My Name field.
- risk 0.35cvss 5.4epss 0.01
An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the the My Profile Section. This is due to lack of sanitization in the Edit Name section.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture upload.
- risk 0.35cvss 5.3epss 0.01
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section.
- risk 0.35cvss 5.3epss 0.01
PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field.
- risk 0.35cvss 5.3epss 0.02
PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file.
- risk 0.35cvss 5.3epss 0.02
PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
- risk 0.35cvss 5.3epss 0.02
PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
Page 2 of 3