Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest 1.1 allows remote attackers to inject arbitrary SSI directives, web script, and HTML via the (1) full name, (2) email, (3) homepage, and (4) location parameters. NOTE: this issue might overlap...
6.1AI Score
0.009EPSS
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on...
6.3AI Score
0.0004EPSS
Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in (1) the lvc_admin_dir parameter to modules/visitors2/admin/view-archiver.inc.php or (2) the lvc_include_dir parameter to modules/visitors2/include/menus.inc.php....
7.7AI Score
0.168EPSS
PHP remote file inclusion vulnerability in modules/visitors2/include/config.inc.php in pSlash 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir...
7.5AI Score
0.168EPSS
Directory traversal vulnerability in QuickZip 3.06.3 allows remote user-assisted attackers to overwrite arbitrary files or directories via .. (dot dot) sequences in filenames within (1) TAR,(2) GZ, and (3) JAR archives. NOTE: the provenance of this information is unknown; the details are obtained.....
7AI Score
0.011EPSS
pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir...
7.8AI Score
0.013EPSS