2 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Scriptsez.net Ez Poll Hoster EPH allow remote attackers to inject arbitrary web script or HTML via the 1 pid parameter in a code action to index.php and the 2 uid parameter in a view action to profile.php...
CVE-2009-4385
CVE-2009-4385 describes multiple CSRF vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH). Attackers can hijack user authentication to perform delete_poll (index.php) and administrator authentication to delete users (admin.php) or send arbitrary email (admin.php). The affected components are th...