11 matches found
CVE-2018-9307
dsmall v20180320 allows XSS via the pdrsn parameter to public/index.php/home/predeposit/index.html...
dsmall Physical Path Disclosure Vulnerability
dsmall is a multi-user platform-level online shopping mall system. A security vulnerability exists in dsmall version 20180320. An attacker can exploit the vulnerability by sending public/index.php/home/predeposit/index.html?pdrsn=request to obtain a physical path...
dsmall cross-site scripting vulnerability (CNVD-2018-07558)
dsmall is a multi-user platform-level online shopping mall system. A cross-site scripting vulnerability exists in dsmall version 20180320. A remote attacker can inject arbitrary HTML/JavaScript code to obtain sensitive information via the member query box in the...
dsmall cross-site scripting vulnerability (CNVD-2018-07546)
dsmall is a multi-user platform-level online shopping mall system. A cross-site scripting vulnerability exists in dsmall version 20180320. A remote attacker can use the main page query box in the public/index.php/home URI to inject arbitrary HTML/JavaScript code to obtain sensitive information...
dsmall cross-site scripting vulnerability (CNVD-2018-07545)
dsmall is a multi-user platform-level online shopping mall system. A cross-site scripting vulnerability exists in dsmall version 20180320. A remote attacker can exploit this vulnerability by sending the 'pdrsn' parameter to the public/index.php/home/predeposit/index.html page to inject arbitrary...
CVE-2018-9016
dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI...
CVE-2018-9016
dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI...
CVE-2018-9014
dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdrsn= request...
CVE-2018-8906
dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/addressid/2.html...
CVE-2018-8906
dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/addressid/2.html...
dsmall Cross-Site Scripting Vulnerability
dsmall is a multi-user platform-level online shopping mall system. A cross-site scripting vulnerability exists in dsmall version 20180320, which stems from a failure of the program to properly handle street address information on the public/index.php/home/memberaddress/edit/addressid/2.html page....