2 matches found
CVE-2000-1015
The CVE-2000-1015 entry concerns Slashcode prior to version 2.0 Alpha, which ships with a default administrative password. The root cause is the presence of this default credential, enabling remote attackers to gain Slashcode privileges and potentially execute arbitrary commands. Documented impac...
CVE-2002-0292
The CVE-2002-0292 entry describes a cross-site scripting (XSS) vulnerability in Slash before 2.2.5 (used in Slashcode and related projects). The issue allows remote attackers to steal cookies and authentication information from other users by injecting JavaScript into a URL (potentially via the f...