Vulnerabilities > Advanced Real Estate Script Project > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-05	CVE-2019-20337	SQL Injection vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script 4.0.9 In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection. network low complexity advanced-real-estate-script-project CWE-89	6.5
2020-01-05	CVE-2019-20336	Cross-site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script 4.0.9 In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS. network advanced-real-estate-script-project CWE-79	4.3
2018-08-10	CVE-2018-15188	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script 4.0.9 PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile. network low complexity advanced-real-estate-script-project CWE-119	5.5
2018-08-10	CVE-2018-15187	Cross-Site Request Forgery (CSRF) vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script 4.0.9 PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php. network advanced-real-estate-script-project CWE-352	6.0
2018-01-03	CVE-2018-5073	Cross-Site Request Forgery (CSRF) vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script Online Ticket Booking has CSRF via admin/movieedit.php. network advanced-real-estate-script-project CWE-352	6.0

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.