CVE-2001-1535

CVE-2001-1535 concerns Slashcode 2.0, where new accounts are created with an 8-character random password. The flaw can let local attackers obtain session IDs from cookies and use a brute‑force attack to gain unauthorized access. This impacts confidentiality, integrity, and availability on affecte...

CVE-2000-1015

The CVE-2000-1015 entry concerns Slashcode prior to version 2.0 Alpha, which ships with a default administrative password. The root cause is the presence of this default credential, enabling remote attackers to gain Slashcode privileges and potentially execute arbitrary commands. Documented impac...

CVE-2002-1681

Technical details beyond the basic XSS description are not provided in the connected documents. No additional specifics (affected versions, root cause, impact or fixes) are available here. Monitor for updates from official advisories.

CVE-2004-2656

CVE-2004-2656 refers to multiple cross-site scripting (XSS) vulnerabilities in the Slashdot Like Automated Storytelling Homepage (Slash) a.k.a. Slashcode, fixed in R_2_5_0_41. The flaws allow remote attackers to inject arbitrary web script or HTML via the topic parameter in search.pl and the filt...

CVE-2002-0292

The CVE-2002-0292 entry describes a cross-site scripting (XSS) vulnerability in Slash before 2.2.5 (used in Slashcode and related projects). The issue allows remote attackers to steal cookies and authentication information from other users by injecting JavaScript into a URL (potentially via the f...

CVE-2002-1748

Technical details for CVE-2002-1748 are not publicly available in the provided documents; no specifics on affected versions, root cause, impact, or remediation are given. Monitor for updates as information may be added.