Vulnerabilities > Iscripts

DATE	CVE	VULNERABILITY TITLE	RISK
2018-05-25	CVE-2018-11470	SQL Injection vulnerability in Iscripts Eswap 2.4 iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel. network low complexity iscripts CWE-89	8.8
2018-05-22	CVE-2018-11373	SQL Injection vulnerability in Iscripts Eswap 2.4 iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter. network low complexity iscripts CWE-89 critical	9.8
2018-05-22	CVE-2018-11372	SQL Injection vulnerability in Iscripts Eswap 2.4 iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter. network low complexity iscripts CWE-89 critical	9.8
2018-04-16	CVE-2018-10137	Cross-Site Request Forgery (CSRF) vulnerability in Iscripts Uberforx 2.2 iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI. network low complexity iscripts CWE-352	8.8
2018-04-16	CVE-2018-10136	Cross-site Scripting vulnerability in Iscripts Uberforx 2.2 iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI. network low complexity iscripts CWE-79	6.1
2018-04-16	CVE-2018-10135	Cross-site Scripting vulnerability in Iscripts Eswap 2.4 iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel. network low complexity iscripts CWE-79	6.1
2018-04-11	CVE-2018-10052	Cross-site Scripting vulnerability in Iscripts Supportdesk 4.3 iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter. network low complexity iscripts CWE-79	4.8
2018-04-11	CVE-2018-10051	Cross-site Scripting vulnerability in Iscripts Supportdesk 4.3 iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter. network low complexity iscripts CWE-79	5.4
2018-04-11	CVE-2018-10050	SQL Injection vulnerability in Iscripts Eswap 2.4 iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel. network low complexity iscripts CWE-89	7.2
2018-04-11	CVE-2018-10049	Cross-site Scripting vulnerability in Iscripts Eswap 2.4 iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel. network low complexity iscripts CWE-79	4.8

Vulnerabilities > Iscripts {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Iscripts"}]}

Vulnerabilities > Iscripts