Sql injection

Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to 1 CFLookup.asp and 2 CznCommon/CznCustomContainer.asp...

Cezanne 6.5.1/7 - 'cflookup.asp' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/28772/info Cezanne Software is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. Authenticated attackers may leverage these issues to execute arbitrary script code in the browser of an...