Vulnerabilities (CVE)

Filtered by vendor Maianmedia Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-41421 1 Maianmedia 1 Maianaffiliate 2024-11-21 3.5 LOW 4.8 MEDIUM
A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel.
CVE-2021-41420 1 Maianmedia 1 Maianaffiliate 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker for arbitrary JavaScript code execution in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel.
CVE-2021-39402 1 Maianmedia 1 Maianaffiliate 2024-11-21 6.5 MEDIUM 7.2 HIGH
MaianAffiliate v.1.0 is suffers from code injection by adding a new product via the admin panel. The injected payload is reflected on the affiliate main page for all authenticated and unauthenticated visitors.