CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

exploitpack•added 2011/04/26 12:0 a.m.•14 views

html-edit CMS 3.1.x - html_output Cross-Site Scripting

html-edit CMS 3.1.x - htmloutput Cross-Site Scripting source: https://www.securityfocus.com/bid/47576/info html-edit CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script...

6.8AI score

Exploit DB•added 2011/04/26 12:0 a.m.•27 views

html-edit CMS 3.1.x - 'html_output' Cross-Site Scripting

source: https://www.securityfocus.com/bid/47576/info html-edit CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

7.4AI score

NVD•added 2010/12/29 10:33 p.m.•11 views

CVE-2010-4609

SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action...

7.5CVSS8.3AI score0.00373EPSS

NVD•added 2010/12/29 10:33 p.m.•10 views

CVE-2010-4611

Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive information via a direct request to 1 pages.php and 2 menu.php in includes/corefiles and 3 extensions/login/frontend/pages/antihacker.php, which reveals the installation path in an error message...

5CVSS6.1AI score0.01984EPSS

NVD•added 2010/12/29 10:33 p.m.•17 views

CVE-2010-4610

Cross-site scripting XSS vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter...

4.3CVSS5.7AI score0.01188EPSS

Prion•added 2010/12/29 10:33 p.m.•12 views

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter...

4.3CVSS6.1AI score0.01188EPSS

Prion•added 2010/12/29 10:33 p.m.•11 views

Sql injection

SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action...

7.5CVSS9AI score0.00373EPSS

Cvelist•added 2010/12/29 7:0 p.m.•17 views

CVE-2010-4609

SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action...

8.3AI score0.00373EPSS

CVE•added 2010/12/29 7:0 p.m.•38 views

CVE-2010-4609

CVE-2010-4609 affects Html-edit CMS 3.1.8, with an SQL injection in index.php via the nuser parameter in the registrate action. The vulnerability allows remote attackers to execute arbitrary SQL commands, potentially reading or modifying database contents. The available connected documents confir...

7.5CVSS8.6AI score0.00373EPSS

CVE•added 2010/12/29 7:0 p.m.•46 views

CVE-2010-4610

Affected software: Html-edit CMS 3.1.8. Vulnerability: Cross-site scripting (XSS) via the error parameter in index.php. Root cause: Input sanitation/error handling flaw in index.php leading to script/HTML injection. Impact: Remote attackers can inject arbitrary web script or HTML into a victim’s ...

4.3CVSS5.8AI score0.01188EPSS

CVE•added 2010/12/29 7:0 p.m.•36 views

CVE-2010-4611

Html-edit CMS 3.1.8 is affected by an information-disclosure path disclosure vulnerability (CVE-2010-4611). A remote attacker can obtain the installation path by directly requesting specific scripts: includes/core_files/pages.php, includes/core_files/menu.php, and extensions/login/frontend/pages/...

5CVSS6.3AI score0.01984EPSS

0day.today•added 2010/12/22 12:0 a.m.•16 views

html-edit CMS Multiple Vulnerabilities

Exploit for php platform in category web applications Vulnerability ID: HTB22734 Reference: http://www.htbridge.ch/advisory/sqlinjectioninhtmleditcms.html Product: HTML-EDIT CMS Vendor: html-edit web services http://www.html-edit.org/ Vulnerable Version: 3.1.8 Vendor Notification: 02 December 201...

6.7AI score

Packet Storm•added 2010/12/21 12:0 a.m.•28 views

HTML-EDIT CMS 3.1.8 Cross Site Scripting / Path Disclosure / SQL Injection

Vulnerability ID: HTB22734 Reference: http://www.htbridge.ch/advisory/sqlinjectioninhtmleditcms.html Product: HTML-EDIT CMS Vendor: html-edit web services http://www.html-edit.org/ Vulnerable Version: 3.1.8 Vendor Notification: 02 December 2010 Vulnerability Type: SQL Injection Status: Fixed by...

0.2AI score

securityvulns•added 2010/12/21 12:0 a.m.•48 views

SQL Injection in HTML-EDIT CMS

0.5AI score