Vulnerabilities > Iscripts > Eswap > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-05-25 CVE-2018-11470 SQL Injection vulnerability in Iscripts Eswap 2.4
iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.
network
low complexity
iscripts CWE-89
6.5
2018-04-16 CVE-2018-10135 Cross-site Scripting vulnerability in Iscripts Eswap 2.4
iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel.
network
iscripts CWE-79
4.3
2018-04-11 CVE-2018-10050 SQL Injection vulnerability in Iscripts Eswap 2.4
iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel.
network
low complexity
iscripts CWE-89
6.5
2018-04-11 CVE-2018-10048 Cross-Site Request Forgery (CSRF) vulnerability in Iscripts Eswap 2.4
iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel.
network
iscripts CWE-352
6.8
2011-11-02 CVE-2010-5035 Cross-Site Scripting vulnerability in Iscripts Eswap 2.0
Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field).
network
iscripts CWE-79
4.3