2 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 beta allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is possible that a separate...
CVE-2007-0308
Plain Black WebGUI is affected by CVE-2007-0308: an XSS in Wiki Page titles allows remote injection of script/HTML. Affected product/version: Plain Black WebGUI before 7.3.4 (beta). Root cause: improper handling of Wiki Page titles leads to script injection. Impact per sources: client-side script...