Cross-site scripting (XSS) vulnerability in signup.php in @1 File Store 2006.03.07 allows remote attackers to inject arbitrary web script or HTML via the (1) real_name, (2) email, and (3) login parameters.
5.7AI Score
0.006EPSS
SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (...
8.3AI Score
0.013EPSS
Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event Publisher allow remote attackers to inject arbitrary web script or HTML via the (1) Event, (2) Description, (3) Time, (4) Website, and (5) Public Remarks fields to (a) eventpublisher_admin.htm and (b) eventpublisher_usersubmit.h...
5.8AI Score
0.007EPSS
UPOINT @1 Event Publisher stores sensitive information under the web document root with insufifcient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt.
6.2AI Score
0.007EPSS