Lucene search

Chartered Accountant : Auditor Website Security Vulnerabilities - January

cve

CVE-2018-13256

PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter.

6.1CVSS

6AI Score

0.001EPSS

2018-07-09 12:29 PM

cve

CVE-2018-15186

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php.

8.8CVSS

8.7AI Score

0.001EPSS

2018-08-10 03:29 PM

cve

CVE-2018-20636

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field.

5.4CVSS

5.8AI Score

0.001EPSS

2019-03-21 04:00 PM

cve

CVE-2018-20637

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a denial of service (unrecoverable blank profile) via crafted JavaScript code in the First Name and Last Name field.

6.5CVSS

6.5AI Score

0.001EPSS

2019-03-21 04:00 PM

cve

CVE-2018-20638

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.

6.5CVSS

6.5AI Score

0.001EPSS

2019-03-21 04:00 PM

cve

CVE-2019-7553

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stored XSS in the Profile Update page via the My Name field.

5.4CVSS

5.2AI Score

0.001EPSS

2019-06-06 04:29 PM