Lucene search

Entrepreneur Job Portal Script Security Vulnerabilities - February

cve

CVE-2017-17596

Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.

9.8CVSS

9.9AI Score

0.002EPSS

2017-12-13 09:29 AM

cve

CVE-2018-20639

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar.

6.1CVSS

6.5AI Score

0.001EPSS

2019-03-21 04:00 PM

cve

CVE-2018-20640

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field.

5.4CVSS

5.3AI Score

0.001EPSS

2019-03-21 04:00 PM

cve

CVE-2018-20641

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.

8.8CVSS

8.8AI Score

0.001EPSS

2019-03-21 04:00 PM

cve

CVE-2018-20642

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service (outage of profile editing) via crafted JavaScript code in the KeySkills field.

6.5CVSS

6.5AI Score

0.001EPSS

2019-03-21 04:00 PM

cve

CVE-2018-20643

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.

6.5CVSS

6.5AI Score

0.001EPSS

2019-03-21 04:00 PM

cve

CVE-2018-7469

PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the p_name (aka Edit Category Name) field to admin/categories_industry.php (aka Categories - Industry Type).

4.8CVSS

4.9AI Score

0.001EPSS

2018-02-28 03:29 PM