6 matches found
CVE-2018-18433
An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has XSS via the categorycatname parameter to the admin.php URI...
Cross site request forgery (csrf)
An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request...
CVE-2018-18432
An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request...
CVE-2018-18431
DESTOON B2B 7.0 contains a cross-site scripting (XSS) vulnerability exposed via text boxes when visiting admin.php?moduleid=2&action=add. The CVE entry and CNVD/NVD variants describe the same issue, with no explicit details on affected build flavors beyond version 7.0 and the vulnerable input poi...
CVE-2018-18430
An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI...
CVE-2018-18433
DESTOON B2B 7.0 contains a cross-site scripting (XSS) vulnerability in admin/category.inc.php, exploitable via the category[catname] parameter to admin.php. Affected component is the admin interface; root cause is unescaped user input flowing into the response. Public sources (NVD/CNVD/CVE record...