Page 2 of 9 results (0.007 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI. Existe Cross-Site Scripting (XSS) en Waimai Super Cms 20150505 mediante el parámetro fname en los URI admin.php?m=Fooda=addsave o admin.php? • https://github.com/caokang/waimai/issues/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. En waimai Super Cms 20150505, hay una vulnerabilidad de Cross-Site Request Forgery (CSRF) que puede cambiar la configuración mediante admin.php?m=Configa=add. • https://github.com/caokang/waimai/issues/3 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter to zero, the entire cart is sold for free. waimai Super Cms 20150505 tiene un error de lógica que permite que atacantes modifiquen un precio, antes del envío de un formulario, observando los datos en una captura de paquetes. Al establecer el parámetro index.php?m=carta=save item_totals como cero, todo el carrito de la compra se vende gratis. • https://github.com/caokang/waimai/issues/5 •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter. In waimai Super Cms 20150505,hay Cross-Site Scripting (XSS) persistente mediante el parámetro fcname en /admin.php/Foodcat/editsave. • https://github.com/caokang/waimai/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •