2 matches found
CVE-2008-3392
CVE-2008-3392 describes a cross-site request forgery vulnerability in Web Wiz Forum 9.5 that allows remote attackers to log out a user by visiting a crafted link or IMG tag to log_off_user.asp. The published data shows an attacker-authenticated–not required scenario (authentication: NONE) with im...
CVE-2008-3391
CVE-2008-3391: Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum 9.5 allow remote attackers to inject arbitrary script/HTML via the mode parameter to admin_group_details.asp and admin_category_details.asp. Affected product is Web Wiz Forum 9.5; the underlying issue is XSS via u...