17 matches found
CVE-2018-10049
iScripts eSwap v2.4 has XSS via the "registrationsettings.php" txtDate parameter in the Admin Panel...
CVE-2018-10050
iScripts eSwap v2.4 has SQL injection via the "registrationsettings.php" ddlFree parameter in the Admin Panel...
Exploit for CVE-2025-5701
CVE-2025-5701 HyperComments = 1.2.2 - Unauthenticated Subscr...
PT-2025-6436 · Zoxpress +1 · Zoxpress +1
Name of the Vulnerable Software and Affected Versions: The ZoxPress - The All-In-One WordPress News Theme versions up to, and including, 2.12.0 Description: The issue allows unauthorized modification of data, leading to privilege escalation due to a missing capability check on the backup options...
CVE-2020-23184
A stored cross site scripting XSS vulnerability in /administration/settingsregistration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field...
iScripts eSwap Cross-Site Request Forgery Vulnerability
IScripts eSwap is an item trading software from IScripts Inc. The program supports the use of virtual currencies for trading or direct item exchange.User Panel is one of the user panels. A cross-site request forgery vulnerability exists in iScripts eSwap v2.4. The vulnerability can be exploited t...
iScripts eSwap SQL Injection Vulnerability
IScripts eSwap is an item trading program from IScripts Inc. that supports the use of virtual currency or direct item exchange. The program supports the use of virtual currencies to trade or directly exchange items.User Panel is one of the user panels. A SQL injection vulnerability exists in...
iScripts eSwap registration_settings.php cross-site scripting vulnerability
IScripts eSwap is an item trading software from IScripts Inc. The program supports the use of virtual currencies for trading or direct item exchange.User Panel is one of the user panels. A cross-site scripting vulnerability exists in iScripts eSwap v2.4. The vulnerability can be exploited via the...
CVE-2018-10050
iScripts eSwap v2.4 has SQL injection via the "registrationsettings.php" ddlFree parameter in the Admin Panel...
CVE-2018-10048
iScripts eSwap v2.4 has CSRF via "registrationsettings.php" in the Admin Panel...
CVE-2018-10049
iScripts eSwap v2.4 has XSS via the "registrationsettings.php" txtDate parameter in the Admin Panel...
Design/Logic Flaw
iScripts eSwap v2.4 has XSS via the "registrationsettings.php" txtDate parameter in the Admin Panel...
Sql injection
iScripts eSwap v2.4 has SQL injection via the "registrationsettings.php" ddlFree parameter in the Admin Panel...
CVE-2018-10048
iScripts eSwap v2.4 has CSRF via "registrationsettings.php" in the Admin Panel...
Cross site request forgery (csrf)
iScripts eSwap v2.4 has CSRF via "registrationsettings.php" in the Admin Panel...
CVE-2018-10050
iScripts eSwap v2.4 has SQL injection via the "registrationsettings.php" ddlFree parameter in the Admin Panel...
CVE-2018-10048
iScripts eSwap v2.4 has CSRF via "registrationsettings.php" in the Admin Panel...