4 matches found
CVE-2009-4407
Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other unspecified requests, via unknown vectors...
CVE-2009-4408
Multiple cross-site scripting (XSS) vulnerabilities in models.parser in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to inject arbitrary web script or HTML via crafted BBcode (1) img or (2) url tags, which are not properly handled when a post is viewed...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in models.parser in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to inject arbitrary web script or HTML via crafted BBcode (1) img or (2) url tags, which are not properly handled when a post is viewed...
CVE-2009-4407
CVE-2009-4407 involves multiple CSRF vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum. The vulnerabilities allow remote attackers to hijack a victim’s authenticated session to perform state-changing requests (e.g., password changes) and other unspecified actions...