Filtered by vendor Vanguard Project
Subscribe
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-15537 | 1 Vanguard Project | 1 Vanguard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box. | |||||
CVE-2017-17937 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. | |||||
CVE-2017-17936 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Vanguard Marketplace Digital Products PHP has CSRF via /search. | |||||
CVE-2017-17874 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI. | |||||
CVE-2017-17873 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. |