5 results (0.007 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS. En PHP Scripts Mall advanced-real-estate-script versión 4.0.9, el parámetro searchtext del archivo search-results.php es vulnerable a un ataque de tipo XSS. • https://github.com/Mad-robot/CVE-List/blob/master/Advanced%20Real%20Estate%20Script.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection. En PHP Scripts Mall advanced-real-estate-script versión 4.0.9, el parámetro news_id del archivo news_edit.php es vulnerable a una inyección SQL. • https://github.com/Mad-robot/CVE-List/blob/master/Advanced%20Real%20Estate%20Script.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile. PHP Scripts Mall advanced-real-estate-script tiene Cross-Site Scripting (XSS) mediante el campo "Name" de un perfil. • https://gkaim.com/cve-2018-15189-vikas-chaudhary • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile. PHP Scripts Mall advanced-real-estate-script 4.0.9 permite que atacantes remotos provoquen una denegación de servicio (pérdida de la estructura de la página) mediante código JavaScript manipulado en el campo "Name" de un perfil. • https://gkaim.com/cve-2018-15188-vikas-chaudhary • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 1

PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php. PHP Scripts Mall advanced-real-estate-script 4.0.9 tiene Cross-Site Request Forgery (CSRF) mediante edit-profile.php. • https://gkaim.com/cve-2018-15187-vikas-chaudhary • CWE-352: Cross-Site Request Forgery (CSRF) •