Binarytree200

Name of the Vulnerable Software and Affected Versions: waimai Super Cms version 20150505 Description: The issue allows attackers to modify a price before form submission by observing data in a packet capture. This is achieved by setting the `credit` parameter to -1 in the "index.php?m=gift&a=addsave" endpoint, resulting in the product being sold for free. Recommendations: For waimai Super Cms version 20150505, as a temporary workaround, consider restricting access to the "index.php?m=gift&a=addsave" endpoint to minimize the risk of exploitation. Additionally, avoid using the `credit` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: waimai Super Cms version 20150505 Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability is located in the `/admin.php?&m=Public&a=login` component. Cross-site scripting (XSS) is a type of security vulnerability that allows an attacker to inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. Recommendations: For waimai Super Cms version 20150505, consider disabling access to the `/admin.php?&m=Public&a=login` component until a fix is available. Restricting access to this component can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: waimai Super Cms version 20150505 Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability is located in the `/admin.php/Link/addsave` component. Cross-site scripting (XSS) is a type of security vulnerability that can allow an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or control. Recommendations: For waimai Super Cms version 20150505, as a temporary workaround, consider restricting access to the `/admin.php/Link/addsave` component until a patch is available. Avoid using this component in a way that could allow unauthorized input, as this could potentially be used to exploit the XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: waimai Super Cms version 20150505 Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability is located in the `/admin.php?m=Config&a=add` component. Cross-site scripting (XSS) is a type of security vulnerability that allows an attacker to inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. Recommendations: For waimai Super Cms version 20150505, as a temporary workaround, consider restricting access to the `/admin.php?m=Config&a=add` component until a patch is available. Avoid using this component in a way that could allow an attacker to inject malicious scripts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.