Maianmedia: Security Vulnerabilities
A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker for arbitrary JavaScript code execution in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel.
CVSS Score
5.4
EPSS Score
0.019
Published
2022-06-16
A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel.
CVSS Score
4.8
EPSS Score
0.003
Published
2022-06-16
MaianAffiliate v.1.0 is suffers from code injection by adding a new product via the admin panel. The injected payload is reflected on the affiliate main page for all authenticated and unauthenticated visitors.
CVSS Score
7.2
EPSS Score
0.015
Published
2021-09-20