4 matches found
CVE-2006-1850
Multiple cross-site scripting XSS vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 level, 2 position, 3 id, and 4 action parameters to membersonly/index.cgi, and the 5 page parameter to customerarea/index.cgi...
CVE-2006-1850
Multiple cross-site scripting XSS vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 level, 2 position, 3 id, and 4 action parameters to membersonly/index.cgi, and the 5 page parameter to customerarea/index.cgi...
CVE-2006-1849
The CVE-2006-1849 entry describes multiple SQL injection vulnerabilities in the web component members_only/index.cgi of xFlow (versions 5.46.11 and earlier). The underlying issue is improper handling of user-supplied input, allowing an attacker to manipulate SQL queries through the (1) position a...
CVE-2006-1850
CVE-2006-1850 affects xFlow 5.46.11 and earlier, with multiple XSS vulnerabilities allowing remote attackers to inject arbitrary script/HTML through parameters in members_only/index.cgi (level, position, id, action) and page in customer_area/index.cgi. The connected sources (NVD, CVE records, PRI...