iScripts eSwap vulnerabilities
9 known vulnerabilities affecting iscripts/eswap.
Total CVEs: 9
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 4, MEDIUM 3
Vulnerabilities
CVE-2010-5036 | P3 | HIGH | CVSS 7.5 | CWE-89 | PoC | v2.0 | 2011-11-02
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
nvd
CVE-2018-11372 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v2.4 | 2018-05-22
iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.
nvd
CVE-2018-11373 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v2.4 | 2018-05-22
iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.
nvd
CVE-2018-11470 | P3 | HIGH | CVSS 8.8 | CWE-89 | v2.4 | 2018-05-25
iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.
nvd
CVE-2010-5035 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | PoC | v2.0 | 2011-11-02
Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information.
nvd
CVE-2018-10050 | P3 | HIGH | CVSS 7.2 | CWE-89 | v2.4 | 2018-04-11
iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel.
nvd
CVE-2018-10048 | P4 | HIGH | CVSS 8.8 | CWE-352 | v2.4 | 2018-04-11
iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel.
nvd
CVE-2018-10135 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v2.4 | 2018-04-16
iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel.
nvd
CVE-2018-10049 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | v2.4 | 2018-04-11
iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel.
nvd