CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2018-6867 – Alibaba Clone Script 1.0.2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-6867
23 Feb 2018 — Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter. Existe Cross-Site Scripting (XSS) en PHP Scripts Mall Alibaba Clone Script 1.0.2 mediante un parámetro del perfil. Alibaba Clone Script version 1.0.2 suffers from a persistent cross site scripting vulnerability. • https://packetstorm.news/files/id/146554 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5976
https://notcve.org/view.php?id=CVE-2014-5976
20 Sep 2014 — The alibaba (aka com.alibaba.wireless) application 4.1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación alibaba 4.1.0.0 (también conocida como com.alibaba.wireless) para Android no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sensible a través de un certificado... • http://www.kb.cert.org/vuls/id/366897 • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 12%CPEs: 1EXPL: 2CVE-2007-0827 – Alibaba Alipay - Remove ActiveX Remote Code Execution
https://notcve.org/view.php?id=CVE-2007-0827
07 Feb 2007 — The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, which is used as an offset for a function call. El control ActiveX de Alibaba Alipay PTA Module (PTA.DLL), permite a atacantes remotos ejecutar código arbitrario por medio de una función JavaScript que invoca el método Remove con un argumento index no válido, que es usado como un desplazamiento para una llamada de f... • https://www.exploit-db.com/exploits/3279 •