Vulnerabilities > Linpha > Linpha > 1.3.0

DATE CVE VULNERABILITY TITLE RISK
2009-09-14 CVE-2008-7223 Cross-Site Scripting vulnerability in Linpha
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php.
network
linpha CWE-79
4.3
4.3
2009-03-31 CVE-2008-6571 Cross-Site Scripting vulnerability in Linpha
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors.
network
linpha CWE-79
4.3
4.3
2008-04-16 CVE-2008-1856 Improper Input Validation vulnerability in Linpha
plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.
network
high complexity
linpha CWE-20
5.1
5.1
2008-03-24 CVE-2008-1487 Cross-Site Scripting vulnerability in Linpha
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, and (5) plugins/stats/stats_view.php.
network
linpha CWE-79
4.3
4.3