2 matches found
CVE-2008-2231
The CVE in question affects Slash, the Slashdot-Like Automated Storytelling Homepage (Slashcode) R_2_5_0_94 and earlier. The issue is an SQL injection vulnerability via the id parameter, caused by insufficient input sanitization that enables remote attackers to execute SQL commands and read table...
CVE-2008-2553
Affected product: Slash, the Slashdot Like Automated Storytelling Homepage (Slashcode). Vulnerability: Cross-site scripting (XSS) via the userfield parameter in Slashcode releases up to R_2_5_0_94. Impact (as stated): Remote attackers can inject arbitrary web script or HTML. No other impact detai...