2 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in login.php in EsPartenaires 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037...
CVE-2008-2037
CVE-2008-2037 describes multiple XSS vulnerabilities in EditeurScripts EsContacts 1.0, exploitable by remote authenticated users via the msg parameter in login.php, importer.php, add_groupe.php, contacts.php, groupes.php, and search.php. The linked evidence from connected sources confirms the aff...