CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20631
https://notcve.org/view.php?id=CVE-2018-20631
PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file. PHP Scripts Mall Website Seller Script 2.0.5 permite la divulgación de la ruta completa mediante una petición para una URL de imagen arbitraria, como un archivo .png. • https://gkaim.com/cve-2018-20631-vikas-chaudhary • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20530
https://notcve.org/view.php?id=CVE-2018-20530
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896. PHP Scripts Mall Website Seller Script 2.0.5 tiene Cross-Site Scripting (XSS) mediante un campo de Profile como Company Address. Esto está relacionado con CVE-2018-15896. • https://suku90.wordpress.com/2018/12/27/php-scripts-mall-website-seller-script-2-0-5-stored-and-reflected-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16456
https://notcve.org/view.php?id=CVE-2018-16456
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a keyword. NOTE: This may overlap with CVE-2018-6870 which has XSS via the Listings Search feature. PHP Scripts Mall Website Seller Script 2.0.5 tiene Cross-Site Scripting (XSS) mediante una palabra clave. NOTA: puede solaparse con CVE-2018-6870, que tiene Cross-Site Scripting (XSS) mediante la característica Listings Search. • https://googlequeens.com/2018/09/04/cve-2018-16456-website-seller-scriptwebsite-seller-script-2-0-5-stored-xss-via-search-by-keyword • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15896
https://notcve.org/view.php?id=CVE-2018-15896
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name. PHP Scripts Mall Website Seller Script 2.0.5 tiene Cross-Site Scripting (XSS) mediante Personal Address o Company Name. • https://gkaim.com/cve-2018-15896-vikas-chaudhary • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15897
https://notcve.org/view.php?id=CVE-2018-15897
PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated by crossPwn. PHP Scripts Mall Website Seller Script 2.0.5 permite que atacantes remotos provoquen una denegación de servicio (DoS) mediante código JavaScript manipulado en los campos "First Name", "Last Name", "Company Name" o "Fax", tal y como queda demostrado con crossPwn. • https://gkaim.com/cve-2018-15897-vikas-chaudhary • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •