2 matches found
CVE-2014-9434
CVE-2014-9434 describes a cross-site scripting (XSS) vulnerability in the Absolut Engine 1.73 administrative backend, specifically in the file path admin/managerrelated.php. The issue allows remote authenticated users to inject arbitrary web script or HTML through the title parameter. The connect...
CVE-2014-9435
CVE-2014-9435 has concrete details in connected documents: Absolut Engine 1.73 contains multiple SQL injection vulnerabilities allowing remote authenticated users to execute arbitrary SQL via (1) sectionID in admin/managersection.php, (2) userID in admin/edituser.php, (3) username in admin/admin....