Lucene search
K

6 matches found

Patchstack
Patchstack
added 2026/06/02 8:27 a.m.15 views

WordPress Simple Custom Login Page plugin <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Nguyen Duong in WordPress Plugin Simple Custom Login Page versions = 1.0.3...

4.4CVSS5.8AI score0.00183EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2007/05/09 12:19 a.m.15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO query string to 1 sendmail.php or 2 orderform.php, different vectors than CVE-2006-6734...

4.3CVSS5.9AI score0.03725EPSS
Exploits2References6Affected Software1
CVE
CVE
added 2007/05/09 12:0 a.m.40 views

CVE-2007-2532

CVE-2007-2532 concerns Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c. It describes multiple XSS vulnerabilities reachable via PATH_INFO to sendmail.php or order_form.php, and via the catname parameter in modules/viewcategory.php (a different vector than CVE-2006-6734). Root cause appears to ...

4.3CVSS5.7AI score0.03725EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2007/05/09 12:0 a.m.25 views

CVE-2007-2532

Multiple cross-site scripting XSS vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO query string to 1 sendmail.php or 2 orderform.php, different vectors than CVE-2006-6734...

5.6AI score0.03725EPSS
Exploits1References6
Cvelist
Cvelist
added 2006/12/26 11:0 p.m.17 views

CVE-2006-6735

modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message. NOTE: CVE analysis suggests that this erro...

6.3AI score0.01513EPSS
Exploits1References4
CVE
CVE
added 2006/12/26 11:0 p.m.47 views

CVE-2006-6734

CVE-2006-6734 describes a cross-site scripting (XSS) vulnerability in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c. The issue allows remote attackers to inject arbitrary web script or HTML via the catname parameter to modules/viewcategory.php. Connected records corroborate the same product ...

4.3CVSS5.6AI score0.01734EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder