Vulnerabilities in Hulihanapplications Diamondlist 0.1.6
| Date | CVE | Vulnerability title | Description | Risk (CVSS score) |
|---|---|---|---|---|
| 2010-08-16 | CVE-2010-3024 | Cross-Site Request Forgery (CSRF) vulnerability in Hulihanapplications Diamondlist 0.1.6 | Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration. | 6.8 |
| 2010-08-16 | CVE-2010-3023 | Cross-Site Scripting (XSS) vulnerability in Hulihanapplications Diamondlist 0.1.6 | Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by _app/views/categories/index.html.erb; and the (2) setting[site_title] parameter to user/main/update_settings, which is not properly handled by _app/views/settings/_list_settings.rhtml. | 4.3 |