Vulnerabilities > Comscripts > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-03-25 | CVE-2010-1115 | Path Traversal vulnerability in Comscripts web Server Creator web Portal 0.1 Directory traversal vulnerability in news/include/customize.php in Web Server Creator - Web Portal 0.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2010-03-25 | CVE-2010-1113 | Cross-Site Scripting vulnerability in Comscripts web Server Creator web Portal 0.1 Cross-site scripting (XSS) vulnerability in the forum page in Web Server Creator - Web Portal 0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to index.php. | 4.3 |
| 2009-04-07 | CVE-2008-6655 | Cross-Site Scripting vulnerability in Comscripts Gedcom TO Mysl 2 Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL 2 allow remote attackers to inject arbitrary web script or HTML via the (1) nom_branche and (2) nom parameters to php/prenom.php; the (3) nom_branche parameter to php/index.php; and the (4) nom_branche, (5) nom, and (6) prenom parameters to php/info.php. | 4.3 |
| 2007-09-18 | CVE-2007-4937 | Permissions, Privileges, and Access Controls vulnerability in Comscripts CS Guestbook CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php. | 5.0 |
| 2007-03-02 | CVE-2007-1144 | Path Traversal vulnerability in Comscripts J-Web Pics Navigator 1.0/2.0 Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. | 5.0 |
| 2006-06-23 | CVE-2006-3171 | Remote Security vulnerability in Cs-Forum CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php. | 5.0 |
| 2006-06-23 | CVE-2006-3170 | Information Disclosure vulnerability in Cs-Forum CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message. | 5.0 |
| 2006-06-23 | CVE-2006-3169 | Cross-Site Scripting vulnerability in Cs-Forum Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php. network comscripts | 4.3 |