CVE-2012-4352

Stoneware webNetwork 6.1 before SP1 is affected by multiple cross-site scripting (XSS) vulnerabilities. The flaws allow remote attackers to inject arbitrary web script or HTML through parameters such as blogName (used by community/blog.jsp and community/blogSearch.jsp), calendar.jsp parameters (c...

CVE-2012-0285

CVE-2012-0285 involves Stoneware webNetwork with multiple XSS vulnerabilities in versions before 6.0.8.0. Exploitation vectors are not specified in the provided documents, but the CVE description states that remote attackers can inject arbitrary web script or HTML, affecting integrity (I:P) with ...

CVE-2012-0912

CVE-2012-0912 : Concrete details show a SQL injection vulnerability in Stoneware webNetwork before version 6.0.8.0 . The issue allows remote attackers to execute arbitrary SQL commands via unspecified vectors. The NVD entry lists a high impact (CVSS v2 base score 7.5) with network access, no auth...

CVE-2012-0286

Stoneware webNetwork prior to 6.0.8.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that can allow remote attackers to hijack user authentication and perform requests that modify user accounts. The issue is documented in CVE-2012-0286 and reflected across multiple feeds (NVD/Re...