Vulnerabilities > Eticket > Eticket > 1.5.5.2

DATE CVE VULNERABILITY TITLE RISK
2008-01-15 CVE-2008-0268 Cross-Site Scripting vulnerability in Eticket 1.5.5.2
Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
network
eticket CWE-79
4.3
4.3
2008-01-15 CVE-2008-0267 SQL Injection vulnerability in Eticket 1.5.5.2
Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php.
network
low complexity
eticket CWE-89
7.5
7.5
2008-01-15 CVE-2008-0266 Cross-Site Request Forgery (CSRF) vulnerability in Eticket 1.5.5.2
Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks.
network
high complexity
eticket CWE-352
2.6
2.6
2008-01-08 CVE-2008-0093 Cross-Site Scripting vulnerability in Eticket 1.5.5.2/1.5.6Rc2/1.5.6Rc3
Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters.
network
eticket CWE-79
4.3
4.3