2 matches found
CVE-2007-2880
Digirez 3.4 has multiple cross-site scripting (XSS) vulnerabilities that enable remote attackers to inject arbitrary web script or HTML via (1) the Room_name parameter in room/info_book.asp and (2) the curYear parameter in room/week.asp. Root cause: insufficient input sanitization leading to scri...
CVE-2007-0128
CVE-2007-0128 describes an SQL injection vulnerability in info_book.asp for Digirez 3.4 and earlier, where the book_id parameter can be manipulated to execute arbitrary SQL commands remotely. Affected software is Digirez (versions up to 3.4 and earlier); the underlying root cause is improper hand...