← Back

Eswap

eswap

Vendor: Iscripts • 9 CVEs

CVEs (9)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-11470
1Iscripts
1Eswap
Nov 21, 2024
May 25, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.
CVE-2018-11373
1Iscripts
1Eswap
Nov 21, 2024
May 22, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.
CVE-2018-11372
1Iscripts
1Eswap
Nov 21, 2024
May 22, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.
CVE-2018-10135
1Iscripts
1Eswap
Nov 21, 2024
Apr 16, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel.
CVE-2018-10050
1Iscripts
1Eswap
Nov 21, 2024
Apr 11, 2018
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel.
CVE-2018-10049
1Iscripts
1Eswap
Nov 21, 2024
Apr 11, 2018
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel.
CVE-2018-10048
1Iscripts
1Eswap
Nov 21, 2024
Apr 11, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel.
CVE-2010-5036
1Iscripts
1Eswap
Apr 29, 2026
Nov 2, 2011
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
CVE-2010-5035
1Iscripts
1Eswap
Apr 29, 2026
Nov 2, 2011
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these det...Show more
Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information.Show less