2 matches found
CVE-2006-2953
CVE-2006-2953 describes an XSS in OfficeFlow 2.6 and earlier via the sqlType parameter in default.asp. The vulnerability enables remote attackers to inject arbitrary script/HTML, with network attack vector, no confidentiality impact and partial integrity impact according to the cited metrics (I:P...
CVE-2006-2954
CVE-2006-2954 affects OfficeFlow 2.6 and earlier, where a SQL injection vulnerability exists in files.asp that allows remote attackers to execute arbitrary SQL commands via the Project parameter. The publicly available documents confirm the vulnerable component (files.asp) and the injection vecto...