CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6867 – Alibaba Clone Script 1.0.2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-6867
Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter. Existe Cross-Site Scripting (XSS) en PHP Scripts Mall Alibaba Clone Script 1.0.2 mediante un parámetro del perfil. Alibaba Clone Script version 1.0.2 suffers from a persistent cross site scripting vulnerability. • https://exploit-db.com/exploits/44171 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5976
https://notcve.org/view.php?id=CVE-2014-5976
The alibaba (aka com.alibaba.wireless) application 4.1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación alibaba 4.1.0.0 (también conocida como com.alibaba.wireless) para Android no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sensible a través de un certificado manipulado. • http://www.kb.cert.org/vuls/id/366897 http://www.kb.cert.org/vuls/id/582497 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues •