2 matches found
CVE-2005-1634
The data confirms concrete flaws in JGS-XA/JGS-Portal up to version 3.0.2: multiple XSS and SQL injection vectors enabled via parameters in jgs_portal.php and related scripts (anzahl_beitraege, year in statistik/beitraggraf/themes, tag, id in sponsor) or even the Accept-Language header to jgs_por...
CVE-2005-1634
Multiple cross-site scripting XSS vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 anzahlbeitraege parameter to jgsportal.php, 2 year parameter to jgsportalstatistik.php, 3 year parameter to jgsportalbeitraggraf.php, 4...