Lucene search

6 matches found

CVE
added 2014/10/20 3:00 p.m., 55 views

CVE-2012-5866

CVE-2012-5866 is an XSS vulnerability in Achievo 1.4.5, caused by an input sanitation error in include.php when handling the HTTP GET parameter field. An attacker can inject arbitrary HTML/JavaScript into a user’s browser. A PoC demonstrates script execution via include.php?field=... The HTB advi...

CVSS: 4.3, AI score: 5.6, EPSS: 0.01201
Exploits: 5, References: 4, Affected Software: 1
securityvulns
added 2012/12/10 12:00 a.m., 72 views

Multiple vulnerabilities in Achievo

Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting CWE-79 CVE References:...

CVSS: 6.5, AI score: 7.3, EPSS: 0.01201
Exploits: 7
Exploit DB
added 2012/12/09 12:00 a.m., 52 views

Achievo 1.4.5 - Multiple Vulnerabilities (2)

Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting CWE-79 CVE References:...

CVSS: 6.5, AI score: 6.4, EPSS: 0.01201
Exploits: 7
exploitpack
added 2012/12/09 12:00 a.m., 35 views

Achievo 1.4.5 - Multiple Vulnerabilities (2)

Achievo 1.4.5 - Multiple Vulnerabilities 2 Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89,...

CVSS: 6.5, AI score: 0.5, EPSS: 0.01201
Exploits: 7
Packet Storm
added 2012/12/07 12:00 a.m., 53 views

Achievo 1.4.5 Cross Site Scripting / SQL Injection

Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting CWE-79 CVE References:...

CVSS: 6.5, AI score: 0.5, EPSS: 0.01201
Exploits: 7
0day.today
added 2012/12/07 12:00 a.m., 71 views

Achievo 1.4.5 Cross Site Scripting / SQL Injection Vulnerabilities

Achievo version 1.4.5 suffers from cross site scripting and remote SQL injection vulnerabilities. Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability...

CVSS: 6.5, AI score: 0.6, EPSS: 0.01201
Exploits: 7