2 matches found
CVE-2006-1266
CVE-2006-1266 is a cross-site scripting (XSS) flaw in VPMi Enterprise 3.3, exploitable via the Request_Name_Display parameter in Service_Requests.asp. The issue allows remote attackers to inject arbitrary web script or HTML. The vulnerability is documented with an NVD CVSSv2 base score of 4.3 (ME...
CVE-2006-0897
SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 via the UpdateID0 parameter to Service_Requests.asp. The vendor disputes the issue, citing a protected state-management system, while third-party sources suggest the original researcher may have triggered...