Vulnerabilities > Falcon > Series ONE CMS
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-12-20 | CVE-2007-6490 | Cross-Site Request Forgery (CSRF) vulnerability in Falcon Series ONE CMS 1.4.3 Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php. | 4.3 |
2007-12-20 | CVE-2007-6489 | Cross-Site Scripting vulnerability in Falcon Series ONE CMS 1.4.3 Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors. | 7.5 |
2007-12-20 | CVE-2007-6488 | Improper Input Validation vulnerability in Falcon Series ONE CMS 1.4.3 Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php. | 6.8 |