4 matches found
CVE-2009-3561
Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action...
Cross site scripting
Cross-site scripting XSS vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action...
CVE-2009-3562
CVE-2009-3562 affects Xerver HTTP Server 4.32. The XSS vulnerability is triggered in the management interface when action=chooseDirectory and the currentPath parameter is not properly validated, allowing remote attackers to inject arbitrary scripts/HTML. Affected product: Xerver HTTP Server (core...
CVE-2009-3562
Cross-site scripting XSS vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action...