5 matches found
CVE-2018-8805
Yxcms building system compatible cell phone v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extendguestbook.php or protected\apps\default\view\mobile\extendguestbook.php in an index.php?r=default/column/index&col=guestbook request...
Yxcms Logic Flaw Vulnerability
Yxcms building system compatible cell phone is a website creation system. A security vulnerability exists in the protected\apps\member\controller\shopcarController.php file in version 1.4.7 of the Yxcms building system compatible cell phone. The vulnerability can be exploited by an attacker to...
CVE-2018-8761
protected\apps\member\controller\shopcarController.php in Yxcms building system compatible cell phone v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture...
CVE-2018-8761
protected\apps\member\controller\shopcarController.php in Yxcms building system compatible cell phone v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture...
CVE-2018-8761
CVE-2018-8761 : In Yxcms building system (compatible cell phone) v1.4.7, a logic flaw in the file protected\apps\member\controller\shopcarController.php allows an attacker to modify a price before form submission by observing data in a packet capture. The vulnerability is described in multiple so...