Iscripts

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-11470 1Iscripts 1Eswap Nov 21, 2024 May 25, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.
CVE-2018-11373 1Iscripts 1Eswap Nov 21, 2024 May 22, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.
CVE-2018-11372 1Iscripts 1Eswap Nov 21, 2024 May 22, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.
CVE-2018-10137 1Iscripts 1Uberforx Nov 21, 2024 Apr 16, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI.
CVE-2018-10136 1Iscripts 1Uberforx Nov 21, 2024 Apr 16, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI.
CVE-2018-10135 1Iscripts 1Eswap Nov 21, 2024 Apr 16, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel.
CVE-2018-10052 1Iscripts 1Supportdesk Nov 21, 2024 Apr 11, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter.
CVE-2018-10051 1Iscripts 1Supportdesk Nov 21, 2024 Apr 11, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter.
CVE-2018-10050 1Iscripts 1Eswap Nov 21, 2024 Apr 11, 2018 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel.
CVE-2018-10049 1Iscripts 1Eswap Nov 21, 2024 Apr 11, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel.
CVE-2018-10048 1Iscripts 1Eswap Nov 21, 2024 Apr 11, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel.
CVE-2018-9237 1Iscripts 1Easycreate Jun 17, 2026 Apr 4, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field.
CVE-2018-9236 1Iscripts 1Easycreate Jun 17, 2026 Apr 4, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field.
CVE-2018-9235 1Iscripts 1Sonicbb Jun 17, 2026 Apr 4, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php.
CVE-2013-7190 1Iscripts 1Autohoster Apr 29, 2026 Dec 20, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter t...Show more Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php.Show less
CVE-2013-7189 1Iscripts 1Autohoster Apr 29, 2026 Dec 20, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck...Show more Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.Show less
CVE-2010-5036 1Iscripts 1Eswap Apr 29, 2026 Nov 2, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
CVE-2010-5035 1Iscripts 1Eswap Apr 29, 2026 Nov 2, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these det...Show more Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information.Show less
CVE-2010-5034 1Iscripts 1Easybiller Apr 29, 2026 Nov 2, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter.
CVE-2010-4983 1Iscripts 1Cybermatch Apr 29, 2026 Nov 1, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

12 Next