Cross site request forgery (csrf)

PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via usersubmit.php?upd=2, with resultant XSS...

CVE-2018-11501

PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via usersubmit.php?upd=2, with resultant XSS...

CVE-2018-11501

PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via usersubmit.php?upd=2, with resultant XSS...

CVE-2018-11501

The CVE-2018-11501 entry concerns PHP Scripts Mall Website Seller Script 2.0.3, where a CSRF flaw in user_submit.php?upd=2 enables an XSS outcome. The connected records corroborate the same vulnerability description across multiple databases, including NVD, CVE List, CNVD, and others. According t...

EasyService Billing 1.0 - Cross-Site Request Forgery

EasyService Billing 1.0 - Cross-Site Request Forgery history.pushState'', '', '/' input typ...

EasyService Billing 1.0 - Cross-Site Request Forgery

history.pushState'', '', '/' input type="hidden" nam...

Trusted-Directory Bypass via Path Traversal

if you enable secrity .$trusteddir is an array of all directories that are considered trusted. Trusted directories are where you keep php scripts that are executed directly from the templates . the attackers can use ../ to bypass the dir ,if they can editing the templates, they read any file they...

Match Clone Script 1.0.4 Cross Site Scripting

Exploit Title: Match Clone Script 1.0.4 - Cross-Site Scripting Date: 23.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/match-clone/ Category: Web Application Exploit Author: ManhNho Version: 1.0.4 Tested on: Window 10 / Kali Linux CV...

Match Clone Script 1.0.4 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Match Clone Script 1.0.4 - Cross-Site Scripting Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/match-clone/ Category: Web Application Exploit Author: ManhNho Version: 1.0.4...

Match Clone Script 1.0.4 - Cross-Site Scripting

Match Clone Script 1.0.4 - Cross-Site Scripting Exploit Title: Match Clone Script 1.0.4 - Cross-Site Scripting Date: 23.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/match-clone/ Category: Web Application Exploit Author: ManhNho...

Match Clone Script 1.0.4 - Cross-Site Scripting

Exploit Title: Match Clone Script 1.0.4 - Cross-Site Scripting Date: 23.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/match-clone/ Category: Web Application Exploit Author: ManhNho Version: 1.0.4 Tested on: Window 10 / Kali Linux CV...

Input validation

PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code...

CVE-2018-6934

CSRF exists in student/personal-info in PHP Scripts Mall Online Tutoring Script 2.0.3...

Cross site request forgery (csrf)

CSRF exists in student/personal-info in PHP Scripts Mall Online Tutoring Script 2.0.3...

CVE-2018-6904

PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action...

CVE-2018-6900

PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page...

CVE-2018-6934

CSRF exists in student/personal-info in PHP Scripts Mall Online Tutoring Script 2.0.3...

Cross site scripting

Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature...

CVE-2018-6900

PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page...

CVE-2018-6904

PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action...