RSS   Vulnerabilities for 'Advanced real estate script'   RSS

2020-01-05
 
CVE-2019-20337

CWE-89
 

 
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection.

 
 
CVE-2019-20336

CWE-79
 

 
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS.

 
2018-08-10
 
CVE-2018-15189

CWE-79
 

 
PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile.

 
 
CVE-2018-15188

CWE-119
 

 
PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile.

 
 
CVE-2018-15187

CWE-352
 

 
PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php.

 
2018-01-03
 
CVE-2018-5078

CWE-79
 

 
Online Ticket Booking has XSS via the admin/eventlist.php cast parameter.

 
 
CVE-2018-5077

CWE-79
 

 
Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter.

 
 
CVE-2018-5076

CWE-79
 

 
Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter.

 
 
CVE-2018-5075

CWE-79
 

 
Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter.

 
 
CVE-2018-5074

CWE-79
 

 
Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter.

 


Copyright 2020, cxsecurity.com

 

Back to Top