Lucene search
K

82 matches found

OSV
OSV
added 2018/03/25 6:29 p.m.5 views

CVE-2018-9015

dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdrsn parameter aka the CMS search box...

5.4CVSS5.8AI score0.00556EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2018/03/25 6:29 p.m.3 views

CVE-2018-9014

dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdrsn= request...

7.5CVSS5.3AI score0.01152EPSS
Exploits0References2
NVD
NVD
added 2018/03/25 6:29 p.m.17 views

CVE-2018-9015

dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdrsn parameter aka the CMS search box...

5.4CVSS5.3AI score0.00556EPSS
Exploits1References1
NVD
NVD
added 2018/03/25 6:29 p.m.17 views

CVE-2018-9017

dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI...

5.4CVSS5.3AI score0.00556EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2018/03/25 6:29 p.m.2 views

CVE-2018-9017

dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI...

5.4CVSS5.3AI score0.00556EPSS
Exploits1References2
OSV
OSV
added 2018/03/25 6:29 p.m.4 views

CVE-2018-9016

dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI...

6.1CVSS5.8AI score0.00707EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/03/25 6:0 p.m.21 views

CVE-2018-9016

dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI...

6.1AI score0.00707EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/03/25 6:0 p.m.15 views

CVE-2018-9015

dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdrsn parameter aka the CMS search box...

5.3AI score0.00556EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/03/25 6:0 p.m.17 views

CVE-2018-9014

dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdrsn= request...

7.4AI score0.01152EPSS
Exploits0References1
CVE
CVE
added 2018/03/25 6:0 p.m.44 views

CVE-2018-9015

CVE-2018-9015 affects dsmall v20180320, with a cross-site scripting (XSS) vulnerability exploitable via the public/index.php/home/predeposit/index.html page’s pdr_sn parameter (the CMS search box). The issue stems from unsanitized input in the pdr_sn field, enabling injection of arbitrary web scr...

5.4CVSS5.2AI score0.00556EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/03/25 6:0 p.m.50 views

CVE-2018-9017

CVE-2018-9017 affects dsmall v20180320 with a cross-site scripting (XSS) vulnerability可 in the public/index.php/home/membersnsfriend/findlist.html page via the member search box. CNVD/CNVD-2018-07558 describe a remote attacker injecting HTML/JavaScript to obtain sensitive information. The provide...

5.4CVSS5.2AI score0.00556EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/03/25 6:0 p.m.43 views

CVE-2018-9016

The CVE-2018-9016 entry corresponds to a cross‑site scripting (XSS) vulnerability in dsmall v20180320, exploitable via the main page search box (public/index.php/home). The CNVD entry explicitly notes that a remote attacker can inject arbitrary HTML/JavaScript to obtain sensitive information. The...

6.1CVSS6AI score0.00707EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/03/25 6:0 p.m.37 views

CVE-2018-9014

Summary: CVE-2018-9014 affects dsmall v20180320, where a vulnerability allows physical path leakage via the URL public/index.php/home/predeposit/index.html?pdr_sn=. What is affected: dsmall v20180320 (multi-user online shopping mall system). Root cause (as described): exposure of physical path in...

7.5CVSS7.3AI score0.01152EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/03/22 4:29 a.m.4 views

CVE-2018-8906

dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/addressid/2.html...

6.1CVSS5.8AI score0.00707EPSS
Exploits1References1
Prion
Prion
added 2018/03/22 4:29 a.m.16 views

Code injection

dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/addressid/2.html...

4.3CVSS5.8AI score0.00707EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/03/22 4:29 a.m.1 views

CVE-2018-8906

dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/addressid/2.html...

6.1CVSS5.4AI score0.00707EPSS
Exploits1References2
NVD
NVD
added 2018/03/22 4:29 a.m.13 views

CVE-2018-8906

dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/addressid/2.html...

6.1CVSS5.9AI score0.00707EPSS
Exploits1References1
CVE
CVE
added 2018/03/22 4:0 a.m.46 views

CVE-2018-8906

Summary (CVE-2018-8906) : The vulnerability affects dsmall v20180320 and is an XSS flaw reachable via crafted street address input on the public/index.php/home/memberaddress/index.html page, mishandled at public/index.php/home/memberaddress/edit/address_id/2.html. The issue arises from improper h...

6.1CVSS5.8AI score0.00707EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/03/22 12:0 a.m.4 views

dsmall Cross-Site Scripting Vulnerability

dsmall is a multi-user platform-level online shopping mall system. A cross-site scripting vulnerability exists in dsmall version 20180320, which stems from a failure of the program to properly handle street address information on the public/index.php/home/memberaddress/edit/addressid/2.html page....

6.1CVSS6.2AI score0.00707EPSS
Exploits1References1
CNVD
CNVD
added 2018/01/14 12:0 a.m.3 views

File inclusion vulnerability in the get_url_contents() method of the DSmall Multi-User Mall system

DSmall is a multi-user mall system source code developed with thinkPHP as the framework. DSmall multi-user mall system geturlcontents method file inclusion vulnerability. Allow attackers to exploit the vulnerability to remotely execute arbitrary code...

7.6AI score
Exploits0
Rows per page
Query Builder