Eswap Security Vulnerabilities and Issues — Eswap CVE List

Lucene search

IscriptsEswap

9 matches found

CVE•added 2018/04/11 8:29 p.m.•43 views

CVE-2018-10050

iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel.

7.2CVSS7.4AI score0.0026EPSS

CVE•added 2018/04/11 8:29 p.m.•38 views

CVE-2018-10048

iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel.

8.8CVSS8.6AI score0.00145EPSS

CVE•added 2018/05/22 5:29 p.m.•38 views

CVE-2018-11372

iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.

9.8CVSS9.8AI score0.00307EPSS

CVE•added 2018/04/11 8:29 p.m.•37 views

CVE-2018-10049

iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel.

4.8CVSS4.9AI score0.00235EPSS

CVE•added 2018/04/16 6:29 p.m.•35 views

CVE-2018-10135

iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2011/11/02 9:55 p.m.•34 views

CVE-2010-5036

SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.

7.5CVSS8.7AI score0.01614EPSS

CVE•added 2018/05/22 5:29 p.m.•34 views

CVE-2018-11373

iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.

9.8CVSS9.8AI score0.00307EPSS

CVE•added 2011/11/02 9:55 p.m.•27 views

CVE-2010-5035

Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information.

4.3CVSS5.9AI score0.06571EPSS

CVE•added 2018/05/25 2:29 p.m.•26 views

CVE-2018-11470

iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.

8.8CVSS9AI score0.00244EPSS