5 matches found
CVE-2008-4447
Cross-site scripting XSS vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via 1 the fn parameter during a dload action, 2 the mask parameter during a search action, and 3 the tab parameter during a sysinfo...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the 1 overkill, 2 futils, or 3 edit actions...
Cross site scripting
Cross-site scripting XSS vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via 1 the fn parameter during a dload action, 2 the mask parameter during a search action, and 3 the tab parameter during a sysinfo...
CVE-2008-4448
Cross-site request forgery CSRF vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the 1 overkill, 2 futils, or 3 edit actions...
CVE-2006-0193
CVE-2006-0193 is an XSS vulnerability in the Hosting Control Panel (psoft.hsphere.CP) of Positive Software H-Sphere, affecting version 2.4.3 Patch 8 and earlier. The issue arises from a flaw in the login action where the login parameter can be exploited to inject arbitrary web script/HTML. The NV...