Vulnerabilities > Boonex > Orca
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-08-21 | CVE-2009-2919 | Cross-Site Scripting vulnerability in Boonex Orca 2.0/2.0.2 Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field. | 3.5 |
| 2008-11-19 | CVE-2008-5167 | Code Injection vulnerability in Boonex Orca 2.0/2.0.2 PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter. | 9.3 |