Vulnerabilities > Lussumo

DATE	CVE	VULNERABILITY TITLE	RISK
2010-04-09	CVE-2010-1337	Code Injection vulnerability in Lussumo Vanilla Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration['LANGUAGE'] parameters. network low complexity lussumo CWE-94	7.5
2009-06-01	CVE-2009-1845	Cross-Site Scripting vulnerability in Lussumo Vanilla 1.1.5/1.1.7 Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter. network lussumo CWE-79	4.3
2008-08-29	CVE-2008-3874	Cross-Site Scripting vulnerability in Lussumo Vanilla Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==> Value pairs). network lussumo CWE-79	3.5
2008-08-21	CVE-2008-3760	Cross-Site Request Forgery (CSRF) vulnerability in Lussumo Vanilla Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php. network lussumo CWE-352	4.3
2008-08-21	CVE-2008-3759	Cross-Site Request Forgery (CSRF) vulnerability in Lussumo Vanilla Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors. network low complexity lussumo CWE-352	7.5
2008-08-21	CVE-2008-3758	Cross-Site Scripting vulnerability in Lussumo Vanilla Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. network lussumo CWE-79	4.3
2007-10-23	CVE-2007-5644	Permissions, Privileges, and Access Controls vulnerability in Lussumo Vanilla Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations and other activities. network low complexity lussumo CWE-264	7.5
2007-10-23	CVE-2007-5643	SQL Injection vulnerability in Lussumo Vanilla Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php. network low complexity lussumo CWE-89	7.5

Vulnerabilities > Lussumo {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Lussumo"}]}

Vulnerabilities > Lussumo