Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information.
AI Score: 5.9
EPSS: 0.007
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
AI Score: 8.7
EPSS: 0.006
CVSS: 8.8
AI Score: 8.6
EPSS: 0.001
iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel.
CVSS: 4.8
AI Score: 4.9
EPSS: 0.001
iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel.
CVSS: 7.2
AI Score: 7.4
EPSS: 0.001
iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel.
CVSS: 6.1
AI Score: 5.9
EPSS: 0.001
iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.
CVSS: 9.8
AI Score: 9.8
EPSS: 0.002
iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.
CVSS: 9.8
AI Score: 9.8
EPSS: 0.002
iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.
CVSS: 8.8
AI Score: 9
EPSS: 0.001