Vulnerabilities > Chatelao > PHP Address Book > 3.4.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-09-09 | CVE-2012-1912 | Cross-Site Scripting vulnerability in Chatelao PHP Address Book Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. | 4.3 |
2012-09-09 | CVE-2012-1911 | SQL Injection vulnerability in Chatelao PHP Address Book Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. | 7.5 |
2012-05-21 | CVE-2012-2903 | Cross-Site Scripting vulnerability in Chatelao PHP Address Book Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php. | 4.3 |