4 matches found
CVE-2014-2531
InterWorx Web Control Panel (InterWorx-CP) before 5.0.14 build 577 is vulnerable to SQL injection in xhr.php via the i parameter in the search action for NodeWorx, SiteWorx, and Resellers interfaces. Root cause is that the application constructs dynamic SQL by concatenating user input without pro...
CVE-2014-2035
InterWorx Web Control Panel (Product: InterWorx Web Control Panel / Vendor: InterWorx LLC) is affected by a Cross-Site Scripting (XSS) vulnerability in xhr.php that allows an attacker to inject arbitrary script via the i parameter. The issue is documented as CVE-2014-2035 with a confirmed fix in ...
CVE-2007-4588
CVE-2007-4588 : Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 allow remote attackers to inject arbitrary web script or HTML via PATH_INFO to index.php, and allow remote authenticated users to inject script...
CVE-2007-4589
CVE-2007-4589 describes multiple XSS vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2. The issue allows injection of arbitrary script/HTML by manipulating PATH_INFO to index.php and to a set of scripts (siteworx.php, users.php, ftp.php, mysql.php,...