Vulnerabilities > Iscripts > Eswap

DATE CVE VULNERABILITY TITLE RISK
2018-05-25 CVE-2018-11470 SQL Injection vulnerability in Iscripts Eswap 2.4
iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.
network
low complexity
iscripts CWE-89
6.5
6.5
2018-05-22 CVE-2018-11373 SQL Injection vulnerability in Iscripts Eswap 2.4
iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.
network
low complexity
iscripts CWE-89
7.5
7.5
2018-05-22 CVE-2018-11372 SQL Injection vulnerability in Iscripts Eswap 2.4
iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.
network
low complexity
iscripts CWE-89
7.5
7.5
2018-04-16 CVE-2018-10135 Cross-site Scripting vulnerability in Iscripts Eswap 2.4
iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel.
network
iscripts CWE-79
4.3
4.3
2018-04-11 CVE-2018-10050 SQL Injection vulnerability in Iscripts Eswap 2.4
iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel.
network
low complexity
iscripts CWE-89
6.5
6.5
2018-04-11 CVE-2018-10049 Cross-site Scripting vulnerability in Iscripts Eswap 2.4
iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel.
network
iscripts CWE-79
3.5
3.5
2018-04-11 CVE-2018-10048 Cross-Site Request Forgery (CSRF) vulnerability in Iscripts Eswap 2.4
iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel.
network
iscripts CWE-352
6.8
6.8
2011-11-02 CVE-2010-5036 SQL Injection vulnerability in Iscripts Eswap 2.0
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
network
low complexity
iscripts CWE-89
7.5
7.5
2011-11-02 CVE-2010-5035 Cross-Site Scripting vulnerability in Iscripts Eswap 2.0
Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field).
network
iscripts CWE-79
4.3
4.3