CVE-2018-11501
https://notcve.org/view.php?id=CVE-2018-11501
PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS. PHP Scripts Mall Website Seller Script versión 2.0.3 tiene Cross-Site Request Forgery (CSRF) mediante user_submit.php?upd=2, con Cross-Site Scripting (XSS) resultante. • https://gkaim.com/cve-2018-11501-vikas-chaudhary https://whitehatck01.blogspot.com/2018/02/website-seller-script-203-stored-xss.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2018-6870
https://notcve.org/view.php?id=CVE-2018-6870
Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature. Existe Cross-Site Scripting (XSS) reflejado en PHP Scripts Mall Website Seller Script 2.0.3 mediante la característica Listings Search. • https://0day4u.wordpress.com/2018/03/19/website-seller-script-reflected-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-6879
https://notcve.org/view.php?id=CVE-2018-6879
PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code. PHP Scripts Mall Website Seller Script 2.0.3 emplea el lado del cliente para aplicar la validación de una dirección de email, lo que permite que atacantes remotos modifiquen una dirección de correo electrónico registrada eliminando el código de validación. • https://0day4u.wordpress.com/2018/03/12/website-seller-script-improper-validation-of-email-address • CWE-20: Improper Input Validation •