6 matches found
CVE-2010-4659
StatusNet (open-source PHP-based micro-blogging platform) contains a cross-site scripting (XSS) vulnerability in error message contents up through 2010. The root cause is insufficient validation of client-side data by the web application, enabling an attacker to execute client-side code via craft...
CVE-2010-4660
CVE-2010-4660 relates to the open‑source micro‑blogging app StatusNet . It describes an SQL injection vulnerability caused by the way addslashes is used in SQL string escapes, affecting StatusNet up through 2010 and prior versions. The connected records confirm a PHP-based issue with database inp...
CVE-2010-4658
CVE-2010-4658 affects StatusNet (through 2010) and relates to a vulnerability where an attacker can spoof syslog messages via newline injection. The available records describe the underlying issue as a newline-injection weakness that enables log spoofing, but there are no detailed exploit vectors...
CVE-2011-3802
CVE-2011-3802 affects StatusNet 0.9.6. The vulnerability is an information disclosure where an attacker can obtain sensitive path information by requesting a .php file directly, with the error message exposing the installation path (e.g., tpl/index.php and related files). The connected sources co...
CVE-2011-3370
StatusNet (PHP-based micro‑blogging software) before version 0.9.9 is affected by a cross‑site scripting (XSS) vulnerability. Root cause: improper validation of client‑side data by the web application. Impact: potential execution of client‑side code. Remediation/patch details are not provided in ...
CVE-2013-4137
The vulnerability CVE-2013-4137 affects StatusNet 1.0 before 1.0.2 and 1.1.0. It involves multiple SQL injection flaws that allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and a specific tag format. The issue is cataloged with a CVSS v2 base score of 7.5...