Vulnerabilities > Dsmall Project

DATE CVE VULNERABILITY TITLE RISK
2018-04-04 CVE-2018-9307 Cross-site Scripting vulnerability in Dsmall Project Dsmall 20180320
dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html.
4.3
2018-03-25 CVE-2018-9017 Cross-site Scripting vulnerability in Dsmall Project Dsmall 20180320
dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI.
3.5
2018-03-25 CVE-2018-9016 Cross-site Scripting vulnerability in Dsmall Project Dsmall 20180320
dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI.
4.3
2018-03-25 CVE-2018-9015 Cross-site Scripting vulnerability in Dsmall Project Dsmall 20180320
dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdr_sn parameter (aka the CMS search box).
3.5
2018-03-25 CVE-2018-9014 Information Exposure vulnerability in Dsmall Project Dsmall 20180320
dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdr_sn= request.
network
low complexity
dsmall-project CWE-200
5.0
2018-03-22 CVE-2018-8906 Cross-site Scripting vulnerability in Dsmall Project Dsmall 20180320
dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/address_id/2.html.
4.3