CVE-2019-9064

PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a jpg or png file...

CVE-2019-9065

PHP Scripts Mall Custom T-Shirt Ecommerce Script 3.1.1 allows parameter tampering of the payment amount...

CVE-2019-9064

The CVE-2019-9064 entry corresponds to a directory traversal flaw in PHP Scripts Mall Cab Booking Script 1.0.3. Multiple connected sources (CNVD, CVE records, PRION, NVD) describe that an attacker can traverse directories to reach the parent directory of a jpg or png file, exposing directory stru...

CVE-2019-9066

PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile...

CVE-2019-8361

PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection...

CVE-2019-8361

The CVE-2019-8361 vulnerability affects PHP Scripts Mall’s Responsive Video News Script, where an XSS flaw in the Search Bar could enable HTML injection or URL redirection. Public details describe the vulnerability but do not provide exploit code, affected versions, or explicit remediation in the...

CVE-2019-8361

PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection...

Cross site scripting

PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the srch parameter, as demonstrated by restaurants-details.php...

CVE-2019-6248

CVE-2019-6248 affects PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1. The connected sources consistently describe a Reflected XSS vulnerability triggered via the srch parameter, demonstrated by the restaurants-details.php endpoint. The vulnerability arises in user-supplied...

Design/Logic Flaw

The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as demonstrated by disclosure of information about users and staff...

PHP Scripts Mall Website Seller Script Cross-Site Scripting Vulnerability (CNVD-2019-21121)

PHP Scripts Mall Website Seller Script is an e-commerce website system script from PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall Website Seller Script version 2.0.5, which can be exploited by remote attackers to inject arbitrary web script or HTML via the...

CVE-2018-20530

PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896...

CVE-2018-20530

PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896...

Design/Logic Flaw

PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896...

CVE-2018-20530

PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896...

Cross site scripting

PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via Account Settings fields such as FirstName and LastName, a similar issue to CVE-2018-14541...

CVE-2018-16457

PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/templatedpdec2015/img directory...

CVE-2018-16456

PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a keyword. NOTE: This may overlap with CVE-2018-6870 which has XSS via the Listings Search feature...

CVE-2018-16455

PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a keyword...

CVE-2018-16453

PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the search bar...