Vulnerabilities > Belchior Foundry > Vcard > 2.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-03-14 | CVE-2006-1230 | Cross-Site Scripting vulnerability in Belchior Foundry Vcard 2.6/2.8/2.9 Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. | 4.3 |
| 2004-12-31 | CVE-2004-1828 | Authentication Bypass vulnerability in Belchior Foundry Vcard 2.8/2.9 Vcard 2.9 and possibly other versions does not require authorization to run uninstall.php, which could allow remote attackers to uninstall Vcard and delete database tables via a direct request to uninstall.php. | 5.0 |