CVE-2018-10135
iScripts eSwap v2.4 contains a Reflected Cross-Site Scripting (XSS) vulnerability in the User Panel, exploitable via the catid parameter of catwiseproducts.php. The root cause is the lack of input sanitization/reflection of user-controlled data in server responses, enabling injection of arbitrary...