MidnightBSD

Advisories for website_broker_script_project

CVE-2017-15992 HIGH

Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
website_broker_script_project website_broker_script -
CVE-2018-6900 LOW

PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
website_broker_script_project website_broker_script 3.0.6