OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/utils.js.
9.8CVSS
9.6AI Score
0.001EPSS
OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript.
5.4CVSS
5.2AI Score
0.001EPSS