cvebase

Iscripts Eswap vulnerabilities

9 known vulnerabilities affecting iscripts/eswap.

Total CVEs: 9
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 4, MEDIUM 3

Vulnerabilities

CVE-2010-5036 | P3 | HIGH | CVSS 7.5 | PoC | v2.0 | 2011-11-02
CVE-2010-5036 [HIGH] CWE-89: SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
nvd
CVE-2018-11372 | P3 | CRITICAL | CVSS 9.8 | v2.4 | 2018-05-22
CVE-2018-11372 [CRITICAL] CWE-89: iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.
nvd
CVE-2018-11373 | P3 | CRITICAL | CVSS 9.8 | v2.4 | 2018-05-22
CVE-2018-11373 [CRITICAL] CWE-89: iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.
nvd
CVE-2018-11470 | P3 | HIGH | CVSS 8.8 | v2.4 | 2018-05-25
CVE-2018-11470 [HIGH] CWE-89: iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.
nvd
CVE-2010-5035 | P4 | MEDIUM | CVSS 4.3 | PoC | v2.0 | 2011-11-02
CVE-2010-5035 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information.
nvd
CVE-2018-10050 | P3 | HIGH | CVSS 7.2 | v2.4 | 2018-04-11
CVE-2018-10050 [HIGH] CWE-89: iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel.
nvd
CVE-2018-10048 | P4 | HIGH | CVSS 8.8 | v2.4 | 2018-04-11
CVE-2018-10048 [HIGH] CWE-352: iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel.
nvd
CVE-2018-10135 | P4 | MEDIUM | CVSS 6.1 | v2.4 | 2018-04-16
CVE-2018-10135 [MEDIUM] CWE-79: iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel.
nvd
CVE-2018-10049 | P4 | MEDIUM | CVSS 4.8 | v2.4 | 2018-04-11
CVE-2018-10049 [MEDIUM] CWE-79: iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel.
nvd