MidnightBSD

Advisories for iscripts

CVE-2010-2624 HIGH

Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
iscripts easysnaps 2.0
CVE-2010-2853 HIGH

SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
iscripts visualcaster *
CVE-2010-4980 HIGH

SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
iscripts reservelogic 1.0
CVE-2010-4983 HIGH

SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
iscripts cybermatch 1.0
CVE-2010-5034 HIGH

SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
iscripts easybiller 1.1
CVE-2010-5035 MEDIUM

Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
iscripts eswap 2.0
CVE-2010-5036 HIGH

SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
iscripts eswap 2.0
CVE-2013-7189 HIGH

Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
iscripts autohoster 2.4
CVE-2013-7190 MEDIUM

Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
iscripts autohoster 2.4
CVE-2018-10048 MEDIUM

iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
iscripts eswap 2.4
CVE-2018-10049 LOW

iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
iscripts eswap 2.4
CVE-2018-10050 MEDIUM

iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
iscripts eswap 2.4
CVE-2018-10051 LOW

iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
iscripts supportdesk 4.3
CVE-2018-10052 LOW

iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
iscripts supportdesk 4.3
CVE-2018-10135 MEDIUM

iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
iscripts eswap 2.4
CVE-2018-10136 MEDIUM

iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
iscripts uberforx 2.2
CVE-2018-10137 MEDIUM

iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
iscripts uberforx 2.2
CVE-2018-11372 HIGH

iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
iscripts eswap 2.4
CVE-2018-11373 HIGH

iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
iscripts eswap 2.4
CVE-2018-11470 MEDIUM

iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
iscripts eswap 2.4
CVE-2018-9235 MEDIUM

iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
iscripts sonicbb 1.0
CVE-2018-9236 LOW

iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
iscripts easycreate 3.2.1
CVE-2018-9237 LOW

iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
iscripts easycreate 3.2.1