CVE-2014-9243

Multiple cross-site scripting XSS vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to wb/admin/admintools/tool.php or 2 sectionid parameter to editmodulefiles.php, 3 news/addpost.php, 4 news/modifygroup.php, 5...

CVE-2015-0553

Cross-site scripting XSS vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 SP3 allows remote attackers to inject arbitrary web script or HTML via the pageid parameter...

CVE-2015-0553

Affects WebsiteBaker 2.8.3 SP3: admin/pages/modify.php exposes a reflecting XSS via the page_id parameter. Impact is script execution in the context of the user’s browser. No remediation details are provided in the connected documents; CVSSv2 base score is 4.3 (Medium). Exploitation details appea...

CVE-2014-9242

SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the pageid parameter...

Sql injection

SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the pageid parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to wb/admin/admintools/tool.php or 2 sectionid parameter to editmodulefiles.php, 3 news/addpost.php, 4 news/modifygroup.php, 5...

CVE-2014-9243

CVE-2014-9243 affects WebsiteBaker 2.8.3 with multiple XSS vulnerabilities. The issues allow remote attackers to inject arbitrary web script or HTML via: (1) QUERY_STRING to wb/admin/admintools/tool.php, (2) section_id to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5...