PT-2019-18643 · Php Scripts Mall · Php Scripts Mall Investment Mlm

Published

2019-06-06

Updated

2020-04-21

CVE-2019-7552

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions PHP Scripts Mall Investment MLM Software version 2.0.2

Description An issue was discovered due to a lack of sanitization in the Edit Name section of the My Profile Section, leading to stored XSS.

Recommendations For PHP Scripts Mall Investment MLM Software version 2.0.2, consider sanitizing user input in the Edit Name section of the My Profile Section to prevent stored XSS attacks. As a temporary workaround, restrict access to the My Profile Section until a proper fix is applied.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-7552

Affected Products

Php Scripts Mall Investment Mlm

PT-2019-18643 · Php Scripts Mall · Php Scripts Mall Investment Mlm

CVE-2019-7552

Weakness Enumeration

Related Identifiers

Affected Products

References · 4