Vulnerabilities > Vanguard Project > Marketplace Digital Products PHP > 1.6

DATE	CVE	VULNERABILITY TITLE	RISK
2017-12-28	CVE-2017-17937	Cross-site Scripting vulnerability in Vanguard Project Marketplace Digital products PHP Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. network low complexity vanguard-project CWE-79	6.1
2017-12-28	CVE-2017-17936	Cross-Site Request Forgery (CSRF) vulnerability in Vanguard Project Marketplace Digital products PHP Vanguard Marketplace Digital Products PHP has CSRF via /search. network low complexity vanguard-project CWE-352	8.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.