Vulnerabilities > Comscripts > CS Forum > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-06-23 | CVE-2006-3171 | Remote Security vulnerability in Cs-Forum CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php. | 5.0 |
| 2006-06-23 | CVE-2006-3170 | Information Disclosure vulnerability in Cs-Forum CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message. | 5.0 |
| 2006-06-23 | CVE-2006-3169 | Cross-Site Scripting vulnerability in Cs-Forum Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php. network comscripts | 4.3 |