Every CVE whose affected-product data names Website Seller Script Project Website Seller Script, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2018-6879 — CVSS 8.8 (high): PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers…
CVE-2018-11501 — CVSS 8.8 (high): PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS.
CVE-2018-15897 — CVSS 6.5 (medium): PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First…
CVE-2018-6870 — CVSS 6.1 (medium): Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature.
CVE-2018-20530 — CVSS 5.4 (medium): PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896.
CVE-2018-20631 — CVSS 5.3 (medium): PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file.