Lucene search
+L
MamboMambo Open Source

7 matches found

cve
cve
added 2005/05/19 4:0 a.m.56 views

CVE-2004-2072

CVE-2004-2072 describes a cross-site scripting (XSS) vulnerability in Mambo Open Source 4.6 (and possibly earlier) via the Itemid parameter in index.php. The underlying issue is a failure to properly sanitize user input in the web application, enabling an attacker to inject script that may run in...

6.8CVSS6.2AI score0.04178EPSS
cve
cve
added 2005/05/10 4:0 a.m.52 views

CVE-2004-1825

CVE-2004-1825 is a cross-site scripting (XSS) vulnerability in Mambo Open Source’s index.php, specifically in the mos_change_template and return parameters. Multiple connected sources (OpenVAS NASL 16316/136141256231016316, NVD, and CVE records) confirm that vulnerable versions include Mambo Open...

4.3CVSS5.7AI score0.01974EPSS
cve
cve
added 2007/03/07 8:0 p.m.49 views

CVE-2006-7150

CVE-2006-7150 affects Mambo 4.6.x with multiple SQL injection vulnerabilities. The issues allow remote attackers to inject arbitrary SQL via the mcname parameter to moscomment.php and com_comment.php, enabling potentially unauthorized data access or modification. The vulnerability is documented w...

7.5CVSS8.5AI score0.01173EPSS
cve
cve
added 2005/02/20 5:0 a.m.47 views

CVE-2004-1692

CVE-2004-1692 describes a cross‑site scripting (XSS) vulnerability in the Mambo 4.5 (1.0.9) index.php. The vulnerability allows remote attackers to inject arbitrary web script or HTML by manipulating the (1) Itemid, (2) mosmsg, or (3) limit parameters. The issue is documented with a CVSS v2 base ...

4.3CVSS6AI score0.01793EPSS
cve
cve
added 2007/05/09 6:0 p.m.45 views

CVE-2006-7202

The vulnerability CVE-2006-7202 affects Mambo 4.6.1: the dofreePDF function in includes/pdf.php does not properly enforce access rights for database content, allowing remote attackers to read certain content via unspecified vectors. This is due to an insufficient access check in the PDF generatio...

7.8CVSS7AI score0.01411EPSS
cve
cve
added 2008/01/15 7:0 p.m.44 views

CVE-2008-0261

CVE-2008-0261 affects Mambo CMS versions 4.5.x and 4.6.x. A vulnerability in the search component/module can allow remote attackers to cause a denial of service (query flood). Exploitation vectors are not specified in the provided documents. No remediation details are given in the supplied sources.

5CVSS6.7AI score0.01397EPSS
cve
cve
added 2007/08/08 1:11 a.m.42 views

CVE-2007-4203

CVE-2007-4203 describes a session-fixation vulnerability in Mambo 4.6.2 CMS. The issue allows remote attackers to hijack Web sessions by manipulating the Cookie parameter. The provided documents identify the affected product/version and the basic attack concept but do not specify root cause code ...

9.3CVSS6.7AI score0.01931EPSS