Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown

CVE-2021-41421

Disclosure Date: June 16, 2022 (last updated February 23, 2025)
A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-41420

Disclosure Date: June 16, 2022 (last updated February 23, 2025)
A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker for arbitrary JavaScript code execution in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-39404

Disclosure Date: September 22, 2021 (last updated February 23, 2025)
MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-39402

Disclosure Date: September 20, 2021 (last updated February 23, 2025)
MaianAffiliate v.1.0 is suffers from code injection by adding a new product via the admin panel. The injected payload is reflected on the affiliate main page for all authenticated and unauthenticated visitors.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0