2 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in hlstats.php in HLstats 1.35, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 authusername or 2 authpassword parameter, different vectors than CVE-2007-0840 and CVE-2007-2812...
CVE-2007-0840
CVE-2007-0840 is an XSS flaw in HLstats (HLstats.php) affecting HLstats up to version 1.35. Connected records specify vulnerable parameters: (1) authusername and (2) authpassword in HLstats.php, enabling remote attackers to inject arbitrary web script or HTML. The issue is tied to HLstats’ search...