Ustore Security Vulnerabilities
A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version...
4.8CVSS
4.9AI Score
0.001EPSS
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the...
7.5CVSS
7.6AI Score
0.001EPSS
SQL injection vulnerability in detail.asp in Superfreaker Studios UStore 1.0 allows remote attackers to execute arbitrary SQL commands via the ID...
8.8AI Score
0.008EPSS
SQL injection vulnerability in UStore allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
8.7AI Score
0.003EPSS
Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter in admin/default.asp. NOTE: the provenance of this information is unknown; the details are...
5.9AI Score
0.003EPSS