PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS.
8.8CVSS
8.7AI Score
0.001EPSS
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name.
5.4CVSS
5.3AI Score
0.001EPSS
PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated by crossPwn.
6.5CVSS
6.6AI Score
0.002EPSS
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896.
5.4CVSS
5.2AI Score
0.001EPSS
PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file.
5.3CVSS
5.4AI Score
0.002EPSS
Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature.
6.1CVSS
6AI Score
0.001EPSS
PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code.
8.8CVSS
8.6AI Score
0.003EPSS