3 matches found
EUVD-2010-4333
Malware in sbrugna...
Cross site scripting
DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does not include the htmLawed library, which allows remote attackers to bypass the protection mechanism for CVE-2010-4355 and conduct cross-site scripting (XSS) attacks via the (1) html content and (2) richeditor fields. NOTE: some of the...
CVE-2010-4355
DaDaBIK is affected by CVE-2010-4355, which appears in multiple entries. Specifically, DaDaBIK 4.3 beta2 (and 4.3 beta3 in certain environments) can be exploited via the insert/edit flow and the select_single parameter. Related records note that in case-sensitive environments, DaDaBIK 4.3 beta3 does...