5 matches found
CVE-2017-17649
Readymade Video Sharing Script 3.2 is affected by an HTML Injection vulnerability in the single-video-detail.php comment parameter. The root cause is unvalidated input reflected into HTML, enabling injection of markup. Affected component: Readymade Video Sharing Script 3.2 (PHP Scripts Mall). Rep...
CVE-2017-17627
The CVE-2017-17627 vulnerability affects Readymade Video Sharing Script 3.2, where SQL injection is possible in the single-video-detail.php endpoint via the report_videos array parameter. Multiple connected sources confirm a remote SQL injection vulnerability (CNVD-2017-37425, NVD entry) with rem...
CVE-2017-17891
CVE-2017-17891 affects Readymade Video Sharing Script. The vulnerability is a cross-site request forgery (CSRF) in the user-profile-edit.php endpoint. According to CNVD-2018-01938 and corroborating sources, a remote attacker can lure a logged‑in user to trigger changes to sensitive settings via t...
CVE-2017-17893
The following CVE concerns the Readymade Video Sharing Script (PHP Scripts Mall). It has a stored/reflected Cross‑Site Scripting (XSS) vulnerability exploitable via user input parameters: search_video.php using the search parameter, viewsubs.php using the chnlid parameter, and user-profile-edit.p...
CVE-2017-17892
The CVE-2017-17892 entry refers to Readymade Video Sharing Script with an SQL Injection vulnerability exposed through viewsubs.php?chnlid and search_video.php?search. Multiple connected sources confirm this vulnerability exists in the Readymade Video Sharing Script and detail the injection vector...