Vulnerabilities > Iscripts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-11 | CVE-2018-10048 | Cross-Site Request Forgery (CSRF) vulnerability in Iscripts Eswap 2.4 iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel. | 6.8 |
| 2018-04-04 | CVE-2018-9237 | Cross-site Scripting vulnerability in Iscripts Easycreate 3.2.1 iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field. | 3.5 |
| 2018-04-04 | CVE-2018-9236 | Cross-site Scripting vulnerability in Iscripts Easycreate 3.2.1 iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field. | 3.5 |
| 2018-04-04 | CVE-2018-9235 | Cross-site Scripting vulnerability in Iscripts Sonicbb 1.0 iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php. | 4.3 |
| 2013-12-20 | CVE-2013-7190 | Path Traversal vulnerability in Iscripts Autohoster 2.4 Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php. | 5.0 |
| 2013-12-20 | CVE-2013-7189 | SQL Injection vulnerability in Iscripts Autohoster 2.4 Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php. | 7.5 |
| 2011-11-02 | CVE-2010-5036 | SQL Injection vulnerability in Iscripts Eswap 2.0 SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. | 7.5 |
| 2011-11-02 | CVE-2010-5035 | Cross-Site Scripting vulnerability in Iscripts Eswap 2.0 Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). | 4.3 |
| 2011-11-02 | CVE-2010-5034 | SQL Injection vulnerability in Iscripts Easybiller 1.1 SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter. | 7.5 |
| 2011-11-01 | CVE-2010-4983 | SQL Injection vulnerability in Iscripts Cybermatch 1.0 SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |