2 matches found
CVE-2007-5142
The CVE-2007-5142 entry describes a Cross-site Scripting (XSS) vulnerability in the buscar.asp page of Solidweb Novus 1.0. The issue allows remote attackers to inject arbitrary script/HTML by supplying a value in the p parameter. This is evidenced by multiple sources referencing the same flaw and...
CVE-2007-5123
CVE-2007-5123 describes an SQL injection vulnerability in notas.asp of Novus 1.0, exploitable via the nota_id parameter to allow remote execution of arbitrary SQL commands. Affected product details: Novus 1.0, specifically the notas.asp component; root cause is improper handling/validation of the...