CVE-2019-20337

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection.

CVE-2019-20336

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS.

CVE-2018-5072

Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter.

CVE-2018-5074

Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter.

CVE-2017-17603

Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.

CVE-2018-15188

PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile.

CVE-2018-5075

Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter.

CVE-2018-5076

Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter.

CVE-2018-5077

Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter.

CVE-2018-15189

PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile.

CVE-2018-5073

Online Ticket Booking has CSRF via admin/movieedit.php.

CVE-2018-5078

Online Ticket Booking has XSS via the admin/eventlist.php cast parameter.

CVE-2018-15187

PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php.