Vulnerabilities > Gforge > Gforge > 4.6.b2

DATE CVE VULNERABILITY TITLE RISK
2009-02-19 CVE-2008-6188 SQL Injection vulnerability in Gforge
SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter.
network
low complexity
gforge CWE-89
7.5
7.5
2007-10-05 CVE-2007-3918 Cross-Site Scripting vulnerability in Gforge 4.6B2
Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter.
network
gforge CWE-79
4.3
4.3