Vulnerabilities (CVE)

Filtered by vendor Dsmall Project Subscribe
Filtered by product Dsmall
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-9016 1 Dsmall Project 1 Dsmall 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI.
CVE-2018-9015 1 Dsmall Project 1 Dsmall 2024-02-28 3.5 LOW 5.4 MEDIUM
dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdr_sn parameter (aka the CMS search box).
CVE-2018-8906 1 Dsmall Project 1 Dsmall 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/address_id/2.html.
CVE-2018-9307 1 Dsmall Project 1 Dsmall 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html.
CVE-2018-9014 1 Dsmall Project 1 Dsmall 2024-02-28 5.0 MEDIUM 7.5 HIGH
dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdr_sn= request.
CVE-2018-9017 1 Dsmall Project 1 Dsmall 2024-02-28 3.5 LOW 5.4 MEDIUM
dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI.