13 results (0.011 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Config&a=add. waimai Super Cms versión 20150505, contiene una vulnerabilidad de tipo cross-site scripting (XSS) en el componente /admin.php?m=Config&a=add • https://github.com/caokang/waimai/issues/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php/Link/addsave. waimai Super Cms versión 20150505, contiene una vulnerabilidad de tipo cross-site scripting (XSS) en el componente /admin.php/Link/addsave • https://github.com/caokang/waimai/issues/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?&m=Public&a=login. waimai Super Cms versión 20150505, contiene una vulnerabilidad de tipo cross-site scripting (XSS) en el componente /admin.php?&m=Public&a=login • https://github.com/caokang/waimai/issues/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free. waimai Super Cms versión 20150505, presenta un fallo lógico permitiendo a atacantes modificar un precio, antes del envío del formulario, observando los datos en una captura de paquetes. Al establecer el parámetro index.php?m=gift&a=addsave credit a -1, el producto se vende gratis • https://github.com/caokang/waimai/issues/15 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter. Existe una vulnerabilidad de XSS en Waimai Super Cms 20150505, a través del parámetro /admin.php/Foodcat/addsave fcname. • https://github.com/caokang/waimai/issues/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •