Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.
9.8CVSS
9.9AI Score
0.002EPSS
8CVSS
7.9AI Score
0.001EPSS
PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile.
6.5CVSS
6.5AI Score
0.001EPSS
PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile.
5.4CVSS
5.3AI Score
0.001EPSS
4.8CVSS
4.9AI Score
0.001EPSS
6.8CVSS
6.7AI Score
0.001EPSS
4.8CVSS
4.9AI Score
0.001EPSS
4.8CVSS
4.9AI Score
0.001EPSS
4.8CVSS
4.9AI Score
0.001EPSS
4.8CVSS
4.9AI Score
0.001EPSS
4.8CVSS
4.9AI Score
0.001EPSS
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS.
6.1CVSS
6.3AI Score
0.001EPSS
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection.
7.2CVSS
7.2AI Score
0.001EPSS