Vulnerabilities > Advanced Real Estate Script Project > Advanced Real Estate Script > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-05 | CVE-2019-20337 | SQL Injection vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script 4.0.9 In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection. | 6.5 |
2020-01-05 | CVE-2019-20336 | Cross-site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script 4.0.9 In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS. | 4.3 |
2018-08-10 | CVE-2018-15188 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script 4.0.9 PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile. | 5.5 |
2018-08-10 | CVE-2018-15187 | Cross-Site Request Forgery (CSRF) vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script 4.0.9 PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php. | 6.0 |
2018-01-03 | CVE-2018-5073 | Cross-Site Request Forgery (CSRF) vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script Online Ticket Booking has CSRF via admin/movieedit.php. | 6.0 |