Vulnerabilities > 2Daybiz > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-11-02 | CVE-2010-5018 | Cross-Site Scripting vulnerability in 2Daybiz Online Classified Script Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | 4.3 |
| 2010-07-12 | CVE-2010-2692 | Cross-Site Scripting vulnerability in 2Daybiz Custom T-Shirt Design Script Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt Design Script allows remote attackers to inject arbitrary web script or HTML via a review comment. | 4.3 |
| 2010-06-28 | CVE-2010-2509 | Cross-Site Scripting vulnerability in 2Daybiz web Template Software Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php. | 4.3 |
| 2010-06-25 | CVE-2010-2458 | Cross-Site Scripting vulnerability in 2Daybiz Video Community Portal Script 1.0 Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the videoid parameter. | 4.3 |
| 2010-05-04 | CVE-2010-1703 | Cross-Site Scripting vulnerability in 2Daybiz Polls Script Multiple cross-site scripting (XSS) vulnerabilities in index_search.php in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to inject arbitrary web script or HTML via the (1) category parameter or (2) search field. | 4.3 |
| 2009-05-29 | CVE-2009-1820 | Cross-Site Scripting vulnerability in 2Daybiz Custom T-Shirt Design Script Cross-site scripting (XSS) vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
| 2009-05-22 | CVE-2009-1767 | Permissions, Privileges, and Access Controls vulnerability in 2Daybiz Template Monster Clone admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter. | 5.0 |