CVE-2008-4448

Cross-site request forgery CSRF vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the 1 overkill, 2 futils, or 3 edit actions...

CVE-2008-4447

Cross-site scripting XSS vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via 1 the fn parameter during a dload action, 2 the mask parameter during a search action, and 3 the tab parameter during a sysinfo...

Cross site scripting

Cross-site scripting XSS vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via 1 the fn parameter during a dload action, 2 the mask parameter during a search action, and 3 the tab parameter during a sysinfo...

CVE-2008-4447

CVE-2008-4447 is a documented XSS vulnerability in Positive Software H-Sphere WebShell 4.3.10, exploitable via (1) fn in dload, (2) mask in search, or (3) tab in sysinfo within actions.php. The connected sources confirm the affected product/version and the vulnerable parameters, establishing a cr...

H-Sphere WebShell 4.3.10 - actions.php Multiple Cross-Site Scripting Vulnerabilities

H-Sphere WebShell 4.3.10 - actions.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/31524/info H-Sphere WebShell is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may...