2 matches found
CVE-2009-4254
PowerPhlogger 2.2.5 is affected by an information disclosure vulnerability where remote attackers can obtain sensitive data via direct requests to files in the include/ directory (edCss.inc.php, foot.inc.php, get_csscolors.inc.php, head.inc.php, head_stuff.inc.php, loglist.inc.php, pphlogger_send...
CVE-2009-4253
Power Phlogger vulnerability CVE-2009-4253: Cross-site scripting in dspStats.php (PowerPhlogger 2.2.5) allows remote attackers to inject arbitrary web script or HTML via the edit parameter. Root cause: failure to properly sanitize user-supplied input. The issue is documented across multiple feeds...