Vendor CVEs
PHP Scripts Mall
All CVEs
145 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-20627 | Med | 0.35 | 5.4 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box. | ||
| CVE-2019-9607 | Med | 0.35 | 5.3 | 0.02 | Mar 6, 2019 | PHP Scripts Mall Medical Store Script 3.0.3 allows Path Traversal by navigating to the parent directory of a jpg or png file. | ||
| CVE-2019-9606 | Med | 0.35 | 5.4 | 0.01 | Mar 6, 2019 | PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS via the "Update profile" feature. | ||
| CVE-2019-9066 | Med | 0.35 | 5.4 | 0.01 | Feb 23, 2019 | PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile. | ||
| CVE-2019-9064 | Med | 0.35 | 5.3 | 0.02 | Feb 23, 2019 | PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a jpg or png file. | ||
| CVE-2018-20530 | Med | 0.35 | 5.4 | 0.01 | Dec 28, 2018 | PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896. | ||
| CVE-2018-20138 | Med | 0.35 | 5.4 | 0.01 | Dec 13, 2018 | PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via Account Settings fields such as FirstName and LastName, a similar issue to CVE-2018-14541. | ||
| CVE-2018-16457 | Med | 0.35 | 5.3 | 0.02 | Oct 4, 2018 | PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img directory. | ||
| CVE-2018-15896 | Med | 0.35 | 5.4 | 0.01 | Aug 28, 2018 | PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name. | ||
| CVE-2018-15189 | Med | 0.35 | 5.4 | 0.01 | Aug 10, 2018 | PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile. | ||
| CVE-2018-15184 | Med | 0.35 | 5.4 | 0.01 | Aug 9, 2018 | PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has Stored XSS via the USERNAME field, a related issue to CVE-2018-6795. | ||
| CVE-2018-15182 | Med | 0.35 | 5.4 | 0.01 | Aug 9, 2018 | PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields. | ||
| CVE-2018-14541 | Med | 0.35 | 5.4 | 0.01 | Aug 4, 2018 | PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields. | ||
| CVE-2018-14082 | Med | 0.35 | 5.4 | 0.01 | Jul 18, 2018 | PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar. | ||
| CVE-2018-6935 | Med | 0.35 | 5.4 | 0.01 | Apr 12, 2018 | PHP Scripts Mall Student Profile Management System Script v2.0.6 has XSS via the Name field to list_student.php. | ||
| CVE-2018-6904 | Med | 0.35 | 5.4 | 0.01 | Apr 12, 2018 | PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action. | ||
| CVE-2018-6902 | Med | 0.35 | 5.4 | 0.01 | Apr 12, 2018 | PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action. | ||
| CVE-2018-6900 | Med | 0.35 | 5.4 | 0.01 | Apr 12, 2018 | PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page. | ||
| CVE-2018-6868 | Med | 0.35 | 5.4 | 0.01 | Feb 23, 2018 | Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter. | ||
| CVE-2018-6867 | Med | 0.35 | 5.4 | 0.01 | Feb 23, 2018 | Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter. | ||
| CVE-2018-6866 | Med | 0.35 | 5.4 | 0.02 | Feb 23, 2018 | Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message. | ||
| CVE-2018-6864 | Med | 0.35 | 5.4 | 0.01 | Feb 12, 2018 | Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion Responsive Matrimonial 4.7.2 via a user profile update parameter. | ||
| CVE-2018-6862 | Med | 0.35 | 5.4 | 0.01 | Feb 12, 2018 | Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field. | ||
| CVE-2018-6861 | Med | 0.35 | 5.4 | 0.01 | Feb 12, 2018 | Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search Script 1.0.2 via a profile update parameter. | ||
| CVE-2018-6858 | Med | 0.35 | 5.4 | 0.01 | Feb 12, 2018 | Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script. | ||
| CVE-2018-6878 | Med | 0.35 | 5.4 | 0.01 | Feb 9, 2018 | Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field. | ||
| CVE-2018-6796 | Med | 0.35 | 5.4 | 0.01 | Feb 7, 2018 | PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field. | ||
| CVE-2018-6795 | Med | 0.35 | 5.4 | 0.01 | Feb 7, 2018 | PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field. | ||
| CVE-2018-6655 | Med | 0.35 | 5.4 | 0.01 | Feb 7, 2018 | PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field. | ||
| CVE-2017-17981 | Med | 0.35 | 5.4 | 0.00 | Dec 30, 2017 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter. | ||
| CVE-2017-17927 | Med | 0.35 | 5.3 | 0.02 | Dec 27, 2017 | PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. | ||
| CVE-2017-17926 | Med | 0.35 | 5.3 | 0.01 | Dec 27, 2017 | PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. | ||
| CVE-2017-17924 | Med | 0.35 | 5.3 | 0.02 | Dec 27, 2017 | PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. | ||
| CVE-2018-7650 | Med | 0.31 | 4.8 | 0.01 | Mar 6, 2018 | PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parameter, and renders… | ||
| CVE-2018-7469 | Med | 0.31 | 4.8 | 0.01 | Feb 28, 2018 | PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the p_name (aka Edit Category Name) field to admin/categories_industry.php (aka Categories - Industry Type). | ||
| CVE-2017-17988 | Med | 0.31 | 4.8 | 0.01 | Dec 30, 2017 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter. | ||
| CVE-2017-17986 | Med | 0.31 | 4.8 | 0.01 | Dec 30, 2017 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter. | ||
| CVE-2017-17985 | Med | 0.31 | 4.8 | 0.01 | Dec 30, 2017 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter. | ||
| CVE-2017-17984 | Med | 0.31 | 4.8 | 0.01 | Dec 30, 2017 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter. | ||
| CVE-2017-17940 | Med | 0.31 | 4.8 | 0.01 | Dec 28, 2017 | PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php. | ||
| CVE-2017-17938 | Med | 0.31 | 4.8 | 0.01 | Dec 28, 2017 | PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter. | ||
| CVE-2017-17929 | Med | 0.31 | 4.8 | 0.01 | Dec 27, 2017 | PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter. | ||
| CVE-2017-17925 | Med | 0.31 | 4.8 | 0.01 | Dec 27, 2017 | PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter. | ||
| CVE-2017-17909 | Med | 0.31 | 4.8 | 0.00 | Dec 27, 2017 | PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter. | ||
| CVE-2018-20635 | Med | 0.28 | 4.3 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. |
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box.
- risk 0.35cvss 5.3epss 0.02
PHP Scripts Mall Medical Store Script 3.0.3 allows Path Traversal by navigating to the parent directory of a jpg or png file.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS via the "Update profile" feature.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile.
- risk 0.35cvss 5.3epss 0.02
PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a jpg or png file.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via Account Settings fields such as FirstName and LastName, a similar issue to CVE-2018-14541.
- risk 0.35cvss 5.3epss 0.02
PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img directory.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has Stored XSS via the USERNAME field, a related issue to CVE-2018-6795.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Student Profile Management System Script v2.0.6 has XSS via the Name field to list_student.php.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page.
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter.
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter.
- risk 0.35cvss 5.4epss 0.02
Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message.
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion Responsive Matrimonial 4.7.2 via a user profile update parameter.
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field.
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search Script 1.0.2 via a profile update parameter.
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script.
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field.
- risk 0.35cvss 5.4epss 0.01
PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field.
- risk 0.35cvss 5.4epss 0.00
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter.
- risk 0.35cvss 5.3epss 0.02
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/.
- risk 0.35cvss 5.3epss 0.01
PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.
- risk 0.35cvss 5.3epss 0.02
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php.
- risk 0.31cvss 4.8epss 0.01
PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parameter, and renders…
- risk 0.31cvss 4.8epss 0.01
PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the p_name (aka Edit Category Name) field to admin/categories_industry.php (aka Categories - Industry Type).
- risk 0.31cvss 4.8epss 0.01
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter.
- risk 0.31cvss 4.8epss 0.01
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter.
- risk 0.31cvss 4.8epss 0.01
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter.
- risk 0.31cvss 4.8epss 0.01
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter.
- risk 0.31cvss 4.8epss 0.01
PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php.
- risk 0.31cvss 4.8epss 0.01
PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter.
- risk 0.31cvss 4.8epss 0.01
PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter.
- risk 0.31cvss 4.8epss 0.01
PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter.
- risk 0.31cvss 4.8epss 0.00
PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter.
- risk 0.28cvss 4.3epss 0.01
PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.
Page 3 of 3