Vulnerabilities > Avatic > Aardvark Topsites PHP > 5.2.0

DATE CVE VULNERABILITY TITLE RISK
2010-10-27 CVE-2010-4097 Cross-Site Scripting vulnerability in Avatic Aardvark Topsites PHP 5.2.0/5.2.1
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Aardvark Topsites PHP 5.2.0 and 5.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) title, (3) u, and (4) url parameters.
network
avatic CWE-79
4.3
4.3
2009-07-02 CVE-2009-2303 Improper Input Validation vulnerability in Avatic Aardvark Topsites PHP
index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message.
network
low complexity
avatic CWE-20
5.0
5.0