2 matches found
CVE-2003-0494
CVE-2003-0494 affects Snitz Forums 3.4.03 and earlier. The vulnerability is in password.asp: a remote attacker can reset passwords and gain privileges as other users by sending a direct request with a modified member id. Root cause appears to be parameter tampering on the member identifier, enabl...
CVE-2003-0492
The CVE-2003-0492 entry concerns Snitz Forums (3.4.03 and earlier) with a Cross-site Scripting (XSS) vulnerability in search.asp. The issue allows remote attackers to execute arbitrary web script by supplying a crafted value to the Search parameter. Multiple connected sources corroborate an XSS s...