CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file. • https://gkaim.com/cve-2018-20631-vikas-chaudhary • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896. • https://suku90.wordpress.com/2018/12/27/php-scripts-mall-website-seller-script-2-0-5-stored-and-reflected-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name. • https://gkaim.com/cve-2018-15896-vikas-chaudhary • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated by crossPwn. • https://gkaim.com/cve-2018-15897-vikas-chaudhary • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS. • https://gkaim.com/cve-2018-11501-vikas-chaudhary • https://whitehatck01.blogspot.com/2018/02/website-seller-script-203-stored-xss.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF)