Show filters
51 Total Results
Displaying 21-30 of 51
Sort by:
Attacker Value
Unknown

CVE-2022-29628

Disclosure Date: June 02, 2022 (last updated February 23, 2025)
A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web cripts or HTML via a crafted payload injected into the Page parameter.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-29627

Disclosure Date: June 02, 2022 (last updated February 23, 2025)
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-41826

Disclosure Date: September 30, 2021 (last updated February 23, 2025)
PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-22122

Disclosure Date: August 18, 2021 (last updated February 23, 2025)
A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a Place LJCMS v 1.3 allows attackers to access sensitive database information via a crafted POST request.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2014-9014

Disclosure Date: November 06, 2019 (last updated November 27, 2024)
Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2014-9013

Disclosure Date: November 06, 2019 (last updated November 27, 2024)
The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2017-18592

Disclosure Date: August 27, 2019 (last updated November 27, 2024)
The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wp_upload directory for file uploads.
0
0
Attacker Value
Unknown

CVE-2018-17841

Disclosure Date: June 19, 2019 (last updated November 27, 2024)
SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter.
0
0
Attacker Value
Unknown

CVE-2018-1000829

Disclosure Date: December 20, 2018 (last updated November 27, 2024)
Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 80359b4.
0
0
Attacker Value
Unknown

CVE-2018-16455

Disclosure Date: October 04, 2018 (last updated February 15, 2024)
PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a keyword.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
View More Topics  < Previous  Next >