2 matches found
CVE-2006-3191
CVE-2006-3191 describes a Cross-site Scripting (XSS) vulnerability in MPCS 0.2, specifically in comment.php, exploitable via the pageid parameter. The issue allows remote attackers to inject arbitrary web script or HTML. The available sources confirm the affected software (MPCS 0.2) and the vulne...
CVE-2008-2293
The CVE-2008-2293 issue affects Multi-Page Comment System (MPCS) 1.0 and 1.1, where remote attackers can bypass authentication and escalate privileges by setting the CommentSystemAdmin cookie to 1. The available sources describe an authentication bypass via a cookie manipulation, marking it as a ...