Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2011-03-23	CVE-2010-4772	Cross-Site Scripting vulnerability in Matteoiammarrone S-Cms 2.5 Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS 2.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter to viewforum.php. network matteoiammarrone CWE-79	4.3
2009-02-06	CVE-2008-6084	Improper Input Validation vulnerability in .Matteoiammarrone Iamma Simple Gallery 1.0/2.0 Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory. network matteoiammarrone CWE-20	6.8