3 results (0.003 seconds)

CVSS: 9.8EPSS: 70%CPEs: 1EXPL: 5

CVE-2021-32172 – Maian-Cart 3.8 - Remote Code Execution (RCE) (Unauthenticated)

https://notcve.org/view.php?id=CVE-2021-32172

07 Oct 2021 — Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin. Maian Cart versión v3.8, contiene una explotación de ejecución de código remota (RCE) por medio de un problema de control de acceso roto en el plugin Elfinder • https://packetstorm.news/files/id/164445 • CWE-862: Missing Authorization •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2008-2212

https://notcve.org/view.php?id=CVE-2008-2212

14 May 2008 — Multiple cross-site scripting (XSS) vulnerabilities in Maian Cart 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_adminheader, (2) msg_adminheader2, (3) msg_adminheader3, (4) msg_adminheader4, and unspecified other parameters to admin/inc/header.php; the (5) msg_script3 and unspecified other parameters to admin/inc/footer.php; and the (6) keywords parameter to index.php in a search action. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Maia... • http://securityreason.com/securityalert/3891 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2008-1075

https://notcve.org/view.php?id=CVE-2008-1075

29 Feb 2008 — Cross-site scripting (XSS) vulnerability in index.php in Maian Cart 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search command. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php de Maian Cart 1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro keywords... • http://secunia.com/advisories/29114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •