Security Vulnerabilities - CVEs Published In 2017
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-12-28
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-12-28
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-12-28
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-12-28
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-12-28
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-12-28
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-12-28
PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-12-28
In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9221.
CVSS Score
7.5
EPSS Score
0.124
Published
2017-12-28
Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI.
CVSS Score
6.5
EPSS Score
0.002
Published
2017-12-28