CVE-2006-5447

The vulnerability CVE-2006-5447 affects DEV Web Management System (WMS) version 1.5 as described in PT-2006-6166. It is a cross-site scripting (XSS) flaw in index.php where the action parameter can be exploited to inject arbitrary web script or HTML. The core issue is an XSS exposure in the index...

CVE-2006-0886

The provided sources describe a Cross-site scripting (XSS) vulnerability in DEV web management system 1.5, specifically in register.php, exploitable via the City/Region field (mesto variable). Remote attackers could inject arbitrary web script or HTML. The vulnerability affects the register.php h...

CVE-2005-4554

CVE-2005-4554 describes multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier. The issues allow remote attackers to execute arbitrary SQL commands via: (1) the cat parameter in openforum.php (index.php), (2) the cat parameter in getfile.php, and (3) the target parame...

CVE-2005-4555

CVE-2005-4555 is a cross-site scripting (XSS) vulnerability affecting DEV web management system versions 1.5 and earlier. The issue resides in add.php where an attacker can inject arbitrary script via four language array parameters: ENTER_ARTICLE_TITLE, SPECIFY_ZONE, ENTER_ARTICLE_HEADER, and ENT...