8 matches found
iScripts eSwap 2.0 - sqli and xss vulnerability
No description provided by source...
CVE-2010-5036
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter aka the search field. NOTE: some of these details are obtained from third party information...
CVE-2010-5036
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter...
Sql injection
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter...
CVE-2010-5035
CVE-2010-5035 is an XSS vulnerability in iScripts eSwap 2.0, affecting the search.php script via the txtHomeSearch parameter. The underlying issue is a failure to properly sanitize input, enabling remote attackers to inject arbitrary script/HTML through the search field. The NVD entry lists a CVS...
CVE-2010-5036
CVE-2010-5036 affects iScripts eSwap 2.0, where addsale.php is vulnerable to SQL injection via the type parameter. The vulnerability allows remote attackers to potentially manipulate the database, with a CVSSv2 base score of 7.5 (HIGH) and network-based, low-complexity conditions, authenticated a...
CVE-2010-5036
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter...