RSS   Vulnerabilities for 'Advanced real estate script'   RSS

2018-01-03
 
CVE-2018-5078

CWE-79
 

 
Online Ticket Booking has XSS via the admin/eventlist.php cast parameter.

 
 
CVE-2018-5077

CWE-79
 

 
Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter.

 
 
CVE-2018-5076

CWE-79
 

 
Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter.

 
 
CVE-2018-5075

CWE-79
 

 
Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter.

 
 
CVE-2018-5074

CWE-79
 

 
Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter.

 
 
CVE-2018-5073

CWE-352
 

 
Online Ticket Booking has CSRF via admin/movieedit.php.

 
 
CVE-2018-5072

CWE-79
 

 
Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter.

 
2017-12-13
 
CVE-2017-17603

CWE-89
 

 
Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.

 


Copyright 2018, cxsecurity.com

 

Back to Top