4 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in cp/editemail.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2010-2014
Cross-site scripting XSS vulnerability in cp/listcontent.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the cl or possibly id parameter...
CVE-2010-2013
Cross-site scripting XSS vulnerability in cp/editemail.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2010-2015
LiSK CMS 4.4 is affected by SQL injection vulnerabilities (CVE-2010-2015) in two server-side scripts: cp_messages.php (view_inbox via id) and edit_email.php (via id). The root cause is inadequate input sanitization of the id parameter, enabling remote attackers with CP Messages privileges to craf...