CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

seebug.org•added 2009/06/02 12:0 a.m.•16 views

Lussumo Vanilla ajax/updatecheck.php模块跨站脚本漏洞

BUGTRAQ: 35114 Vanilla（香草）是一个开源的多语言、完全可扩展的论坛程序。输入传递给“ RequestName ”参数中的Ajax / updatecheck.php是没有正确地过滤，然后返回给用户。这可以被用来执行任意HTML和脚本代码在用户的浏览器会在背景下，受影响网站。 Lussumo Vanilla 1.1.5\1.1.7 厂商补丁： Lussumo ------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

7.1AI score

Exploits0

Cvelist•added 2009/06/01 7:0 p.m.•15 views

CVE-2009-1845

Cross-site scripting XSS vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter...

5.7AI score0.01039EPSS

Exploits1References4

CVE•added 2009/06/01 7:0 p.m.•38 views

CVE-2009-1845

CVE-2009-1845 describes a cross-site scripting (XSS) vulnerability in Lussumo Vanilla specifically in ajax/updatecheck.php, affecting Vanilla 1.1.5 and 1.1.7. The underlying issue is that the RequestName parameter can be exploited to inject arbitrary web script or HTML. Connected sources (OpenVAS...

4.3CVSS5.9AI score0.01039EPSS

Exploits1References4Affected Software1

Packet Storm•added 2009/05/27 12:0 a.m.•18 views

Vanilla 1.1.7 Cross Site Scripting

Author: Gerendi Sandor Attila Original advisory: http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html Date: May 14, 2009 Package: Vanilla 1.1.7 Product Homepage: http://getvanilla.com/ Versions Affected: v.1.1.7, 1.1.5 Other versions may also be affected Severity: Medium Inpu...

Exploits0