Vulnerabilities > Bcoos > Bcoos > 1.0.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-08-24 | CVE-2008-7036 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) direction and (2) order_by parameters. | 4.3 |
2009-03-02 | CVE-2008-6381 | SQL Injection vulnerability in Bcoos SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter. | 4.6 |
2008-05-20 | CVE-2008-2350 | Path Traversal vulnerability in Bcoos Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) .. | 5.0 |