Vulnerabilities > Chartered Accountant
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-06 | CVE-2019-7553 | Cross-site Scripting vulnerability in Chartered Accountant : Auditor Website Project Chartered Accountant : Auditor Website 2.0.1 PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stored XSS in the Profile Update page via the My Name field. | 5.4 |
| 2019-03-21 | CVE-2018-20638 | Path Traversal vulnerability in Chartered Accountant : Auditor Website Project Chartered Accountant : Auditor Website 2.0.1 PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | 4.0 |
| 2019-03-21 | CVE-2018-20637 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Chartered Accountant : Auditor Website Project Chartered Accountant : Auditor Website 2.0.1 PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a denial of service (unrecoverable blank profile) via crafted JavaScript code in the First Name and Last Name field. | 4.0 |
| 2019-03-21 | CVE-2018-20636 | Cross-site Scripting vulnerability in Chartered Accountant : Auditor Website Project Chartered Accountant : Auditor Website 2.0.1 PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field. | 3.5 |
| 2018-08-10 | CVE-2018-15186 | Cross-Site Request Forgery (CSRF) vulnerability in Chartered Accountant : Auditor Website Project Chartered Accountant : Auditor Website 2.0.1 PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php. | 6.8 |
| 2018-07-09 | CVE-2018-13256 | Cross-site Scripting vulnerability in Chartered Accountant : Auditor Website Project Chartered Accountant : Auditor Website 2.0.1 PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter. | 4.3 |