CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28991
https://notcve.org/view.php?id=CVE-2022-28991
20 May 2022 — Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vulnerability which allows attackers to access sensitive files. Se ha detectado que Multi Store Inventory Management System versión v1.0, contiene una vulnerabilidad de divulgación de información que permite a atacantes acceder a archivos confidenciales • https://packetstormsecurity.com/files/166590/Multi-Store-Inventory-Management-System-1.0-Information-Disclosure.html • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36012
https://notcve.org/view.php?id=CVE-2020-36012
27 Jan 2021 — Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field. Una vulnerabilidad de tipo XSS almacenado en BDTASK Multi-Store Inventory Management System versión 1.0, permite a un administrador local inyectar código arbitrario por medio del Customer Name Field • http://bdtask.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 5CVE-2020-13426 – multi Scheduler <= 1.0.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2020-13426
21 May 2020 — The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known. El plugin Multi-Scheduler 1.0.0 para WordPress, presenta una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en los formularios que presenta, lo que permite la posibilidad de eliminar registros (usuarios) cuando se conoce un ID • https://0day.today/exploit/34496 • CWE-352: Cross-Site Request Forgery (CSRF) •