Vulnerabilities > Glfusion > Glfusion > 1.0.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-02-05 | CVE-2013-1466 | Cross-Site Scripting vulnerability in Glfusion Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/. | 4.3 |
2009-04-09 | CVE-2009-1283 | Cryptographic Issues vulnerability in Glfusion glFusion before 1.1.3 performs authentication with a user-provided password hash instead of a password, which allows remote attackers to gain privileges by obtaining the hash and using it in the glf_password cookie, aka "User Masquerading." NOTE: this can be leveraged with a separate SQL injection vulnerability to steal hashes. | 6.8 |