Lucene search
K

4 matches found

NVD
NVD
added 2006/04/19 4:6 p.m.18 views

CVE-2006-1850

Multiple cross-site scripting XSS vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 level, 2 position, 3 id, and 4 action parameters to membersonly/index.cgi, and the 5 page parameter to customerarea/index.cgi...

2.6CVSS5.8AI score0.01767EPSS
Exploits0References5
Cvelist
Cvelist
added 2006/04/19 4:0 p.m.18 views

CVE-2006-1850

Multiple cross-site scripting XSS vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 level, 2 position, 3 id, and 4 action parameters to membersonly/index.cgi, and the 5 page parameter to customerarea/index.cgi...

5.8AI score0.01767EPSS
Exploits0References5
CVE
CVE
added 2006/04/19 4:0 p.m.45 views

CVE-2006-1849

The CVE-2006-1849 entry describes multiple SQL injection vulnerabilities in the web component members_only/index.cgi of xFlow (versions 5.46.11 and earlier). The underlying issue is improper handling of user-supplied input, allowing an attacker to manipulate SQL queries through the (1) position a...

7.5CVSS8.5AI score0.01123EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2006/04/19 4:0 p.m.43 views

CVE-2006-1850

CVE-2006-1850 affects xFlow 5.46.11 and earlier, with multiple XSS vulnerabilities allowing remote attackers to inject arbitrary script/HTML through parameters in members_only/index.cgi (level, position, id, action) and page in customer_area/index.cgi. The connected sources (NVD, CVE records, PRI...

2.6CVSS5.8AI score0.01767EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder