3 matches found
CVE-2008-2072
CVE-2008-2072 describes a Cross-site scripting (XSS) vulnerability in index.php of Virtual Design Studio vlbook 1.21, allowing remote attackers to inject arbitrary web script or HTML via the l parameter. The entry notes this is a different vector from CVE-2006-3260, and the affected component is ...
CVE-2006-3260
CVE-2006-3260 affects vlbook 1.02. The vulnerability is a Cross-site scripting (XSS) flaw in index.php that allows remote attackers to inject arbitrary web script or HTML via the message parameter. No remediation details are provided in the supplied documents; exploitation information is not pres...
CVE-2008-2073
CVE-2008-2073 describes a directory traversal vulnerability in the file include/global.inc.php of Virtual Design Studio vlbook 1.21 . The underlying issue allows an attacker to supply a value for the parameter l containing “..” to cause the application to include and execute arbitrary local files...