iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit...
CVSS 8.8, AI Score 8.6, EPSS 0.001
iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin...
CVSS 7.2, AI Score 7.4, EPSS 0.001
iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch...
CVSS 5.4, AI Score 5.2, EPSS 0.001
CVSS 8.8, AI Score 8.6, EPSS 0.001
iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit...
CVSS 6.1, AI Score 5.8, EPSS 0.001
iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch...
CVSS 4.8, AI Score 4.9, EPSS 0.001
iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin...
CVSS 4.8, AI Score 4.9, EPSS 0.001
iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User...
CVSS 6.1, AI Score 5.9, EPSS 0.001
iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId...
CVSS 9.8, AI Score 9.8, EPSS 0.002
iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId...
CVSS 9.8, AI Score 9.8, EPSS 0.002
iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User...
CVSS 8.8, AI Score 9, EPSS 0.001
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description"...
CVSS 5.4, AI Score 5.3, EPSS 0.001
iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to...
CVSS 6.1, AI Score 6, EPSS 0.003
CVSS 5.4, AI Score 5.3, EPSS 0.001
Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to...
AI Score 7.2, EPSS 0.026
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to...
AI Score 8.8, EPSS 0.002
SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid...
AI Score 8.7, EPSS 0.002
Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party...
AI Score 5.9, EPSS 0.007
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type...
AI Score 8.7, EPSS 0.006
SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id...
AI Score 8.7, EPSS 0.001
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid...
AI Score 8.7, EPSS 0.001
SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id...
AI Score 8.7, EPSS 0.001
Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to...
AI Score 8.8, EPSS 0.001
SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote attackers to execute arbitrary SQL commands via the produid...
AI Score 8.4, EPSS 0.001
SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show...
AI Score 8.3, EPSS 0.003
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection...
AI Score 7.2, EPSS 0.003
iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive...
AI Score 6.3, EPSS 0.002
SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid...
AI Score 7.9, EPSS 0.001
Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to...
AI Score 8.5, EPSS 0.001