CVE-2009-4552

CVE-2009-4552 is an XSS vulnerability in the Miniweb 2.0 Survey Pro module. It allows remote attackers to inject arbitrary script/HTML via PATH_INFO to index.php. Affected: Miniweb 2.0 (Survey Pro). Root cause: unsanitized PATH_INFO input leading to reflected script execution. Impact: client-side...

CVE-2009-4551

SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php. Affected software: Miniweb 2.0, Survey Pro module. Impact as per NVD: base score 7.5 (HIGH). Exploitation ...

CVE-2009-3419

CVE-2009-3419 describes an SQL injection in the Miniweb Publisher module 2.0, via index.php and the historymonth parameter. Affected software: Miniweb Publisher module 2.0 (index.php). Root cause: unsafely handled input in historymonth leading to SQL command execution. Impact: remote attackers co...

CVE-2009-3420

CVE-2009-3420: XSS in Miniweb’s Publisher module 2.0 (index.php) via begin parameter and PATH_INFO. Affected: Publisher module 2.0 for Miniweb; vulnerability allows remote injection of script/HTML; CVSS v2 base score 4.3 (Medium) with partial integrity impact. Exploitation details: remote attacke...