CVE-2004-1499
HELM 3.1.19 and earlier are affected by a cross-site scripting (XSS) vulnerability in the Subject field of the compose message form. The issue allows remote attackers to execute arbitrary web script or HTML. The CVE-2004-1499 entry cites a base score of 4.3 (Medium) per NVD, but the provided documents...
CVE-2004-1498
CVE-2004-1498 describes a SQL injection in the compose message form of HELM up to version 3.1.19, exploitable via the messageToUserAccNum parameter. The issue allows remote attackers to run arbitrary SQL commands. Affected: HELM 3.1.19 and earlier (HELM frontend/compose logic). Root cause: unsafe...