13 results (0.007 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-21506

https://notcve.org/view.php?id=CVE-2020-21506

05 Oct 2021 — waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Config&a=add. waimai Super Cms versión 20150505, contiene una vulnerabilidad de tipo cross-site scripting (XSS) en el componente /admin.php?m=Config&a=add • https://github.com/caokang/waimai/issues/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-21505

https://notcve.org/view.php?id=CVE-2020-21505

05 Oct 2021 — waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php/Link/addsave. waimai Super Cms versión 20150505, contiene una vulnerabilidad de tipo cross-site scripting (XSS) en el componente /admin.php/Link/addsave • https://github.com/caokang/waimai/issues/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-21504

https://notcve.org/view.php?id=CVE-2020-21504

05 Oct 2021 — waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?&m=Public&a=login. waimai Super Cms versión 20150505, contiene una vulnerabilidad de tipo cross-site scripting (XSS) en el componente /admin.php?&m=Public&a=login • https://github.com/caokang/waimai/issues/16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-21503

https://notcve.org/view.php?id=CVE-2020-21503

05 Oct 2021 — waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free. waimai Super Cms versión 20150505, presenta un fallo lógico permitiendo a atacantes modificar un precio, antes del envío del formulario, observando los datos en una captura de paquetes. Al establecer el parámetro index.php?m=gift&a=addsave credit a -1, el producto se ... • https://github.com/caokang/waimai/issues/15 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-18261

https://notcve.org/view.php?id=CVE-2018-18261

14 Apr 2019 — In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter. Existe una vulnerabilidad de XSS en Waimai Super Cms 20150505, a través del parámetro /admin.php/Foodcat/addsave fcname. • https://github.com/caokang/waimai/issues/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-7585

https://notcve.org/view.php?id=CVE-2019-7585

07 Feb 2019 — An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI. Se ha descubierto un problema en Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php permite una inyección SQL basada en tiempo mediante el parámetro param array en el URI /index.php?m=publica=checkemail. • https://github.com/caokang/waimai/issues/11 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-7567

https://notcve.org/view.php?id=CVE-2019-7567

07 Feb 2019 — An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter. Se ha descubierto un problema en Waimai Super Cms 20150505. admin.php?m=Membera=adminaddsave tiene Cross-Site Scripting (XSS) mediante los parámetros username o password. • https://github.com/caokang/waimai/issues/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-3577

https://notcve.org/view.php?id=CVE-2019-3577

02 Jan 2019 — An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id[0] parameter to the /product URI. Se ha descubierto un problema en Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php permite inyecciones SQL a ciegas mediante el parámetro id[0] en el URI /product. • https://github.com/caokang/waimai/issues/9 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-18622

https://notcve.org/view.php?id=CVE-2018-18622

23 Oct 2018 — An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public&a=doregister username parameter. Se ha descubierto un problema en Waimai Super Cms 20150505. Hay Cross-Site Scripting (XSS) mediante el parámetro username en index.php? • https://github.com/caokang/waimai/issues/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-18082

https://notcve.org/view.php?id=CVE-2018-18082

09 Oct 2018 — XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI. Existe Cross-Site Scripting (XSS) en Waimai Super Cms 20150505 mediante el parámetro fname en los URI admin.php?m=Fooda=addsave o admin.php? • https://github.com/caokang/waimai/issues/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •