2 matches found
CVE-2004-1648
CVE-2004-1648 is a cross-site scripting (XSS) vulnerability in Password Protect affecting multiple ASP pages (index.asp, ChangePassword.asp, users_list.asp, users_add.asp) via the ShowMsg parameter. The issue is documented across CVE entries (NVD, CVE List) with a MEDIUM severity (CVSS v2 base sc...
CVE-2004-1647
Password Protect is vulnerable to SQL injection in multiple entry points. The CVE describes bypassing authentication and arbitrary SQL execution via parameters in ASP pages: (1) index_next.asp with admin/Pass, (2) CPassChangePassword.asp with LoginId, OPass, or NPass, (3) users_edit.asp, and (4) ...