7 matches found
EUVD-2012-3209
Malware in sbrugna...
CVE-2012-3232
Cross-site scripting XSS vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the texttitle parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the texttitle parameter...
CVE-2012-3232
The CVE-2012-3232 entry relates to web@all 2.0. Affected component: search.php; vulnerability types: CSRF (CVE-2012-3231) and XSS (CVE-2012-3232). Root cause: input passed via the GET parameter _text[title] is not properly sanitized, allowing an attacker to inject arbitrary HTML/script in the use...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary...
CVE-2012-3231
CVE-2012-3231 affects web@all 2.0. The CSRF vulnerability resides in actions performed via HTTP requests to inc/browser/action.php (do_addfile), allowing an authenticated administrator to add, delete, or modify sensitive data. A PoC demonstrates how an attacker could forge a request to create an ...
Web@All 2.0 Cross Site Request Forgery / Cross Site Scripting
Advisory ID: HTB23094 Product: web@all Vendor: webatall.org Vulnerable Versions: 2.0 downloaded before 30th of May 2012; prior versions may also be vulnerable Tested Version: 2.0 downloaded on 25th of May 2012 Vendor Notification: 30 May 2012 Vendor Patch: 30 May 2012 Public Disclosure: 20 June...