1161 matches found
CVE-2018-6870
The CVE-2018-6870 entry describes a Reflected XSS in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature. Affected software is PHP Scripts Mall Website Seller Script 2.0.3; root cause identified as reflected XSS through the Listings Search parameter. No exploit details or...
CVE-2018-6879
The CVE-2018-6879 entry concerns PHP Scripts Mall Website Seller Script 2.0.3 where client-side validation is used to enforce email format. The vulnerability arises because the validation can be bypassed by removing the client-side validation code, enabling a remote attacker to modify a registere...
CVE-2018-6900
PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page...
CVE-2018-6935
PHP Scripts Mall Student Profile Management System Script v2.0.6 has XSS via the Name field to liststudent.php...
CVE-2018-6904
CVE-2018-6904 affects PHP Scripts Mall Car Rental Script 2.0.8. The issue is an XSS vulnerability in the User Name field during an Edit Profile action. According to the NVD details, the vulnerability has a CVSS v2 base score of 3.5 (LOW) and a CVSS v3 base score of 5.4 (MEDIUM). The metrics indic...
CVE-2018-6935
CVE-2018-6935 affects PHP Scripts Mall Student Profile Management System Script v2.0.6, where an XSS vulnerability exists in the Name field of list_student.php. The available records confirm the vulnerability exists but do not provide exploitation details, affected product build numbers beyond v2...
CVE-2018-6870
Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature...
CVE-2018-6902
PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action...
CVE-2018-6900
The CVE-2018-6900 entry concerns PHP Scripts Mall Website Broker Script 3.0.6, with a reflected/stored XSS via the Last Name field on the My Profile page. The publicly documented content across sources confirms the vulnerable component (the broker script), the input vector (Last Name on My Profil...
Design/Logic Flaw
PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php aka the "View Search By Id" screen...
CVE-2018-9857
PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php aka the "View Search By Id" screen...
CVE-2018-9857
CVE-2018-9857 concerns PHP Scripts Mall Match Clone Script 1.0.4. The vulnerability is a Cross-Site Scripting (XSS) flaw exposed via the searchbyid.php “View Search By Id” screen in the product’s search field. Attackers can inject arbitrary scripts, as demonstrated by PoCs in the linked exploit r...
PHP Scripts Mall Match Clone Script Cross-Site Scripting Vulnerability
PHP Scripts Mall Match Clone Script is a matrimonial dating software from PHP Scripts Mall India. The program features live chat, privacy protection and member registration. A cross-site scripting vulnerability exists in PHP Scripts Mall Match Clone Script version 1.0.4. A remote attacker can...
Design/Logic Flaw
PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the terfrom or tag parameter to results.php...
CVE-2018-9328
PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the terfrom or tag parameter to results.php...
[20180502] - Core - Add PHAR files to the upload blacklist
Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver...
CVE-2018-7650
PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript...