Vulnerabilities > Mkportal > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-07-17 CVE-2007-3813 Remote Security vulnerability in Mkportal Noboard Module Beta
PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter.
network
mkportal
4.3
4.3
2007-01-12 CVE-2007-0191 Cross-Site Scripting vulnerability in MKPortal
Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section.
network
mkportal
6.8
6.8
2006-12-26 CVE-2006-6741 Cross-Site Request Forgery (CSRF) vulnerability in Mkportal 1.1
Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag.
network
mkportal CWE-352
5.8
5.8
2006-10-03 CVE-2006-5139 Remote Security vulnerability in MKPortal
Unspecified vulnerability in MkPortal allows remote attackers to corrupt web site content, and possibly have other impact, via a certain long Message that affects "Tables," related to the Urlobox.
network
low complexity
mkportal
5.0
5.0
2006-09-09 CVE-2006-4665 Cross-Site Scripting vulnerability in Mkportal 1.1Rc1
Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 Rc1 allows remote attackers to inject arbitrary web script or HTML via the ind parameter, possibly related to the PHP_SELF variable.
network
mkportal
4.3
4.3
2006-04-27 CVE-2006-2066 Cross-Site Scripting vulnerability in Mkportal 1.1Rc1
Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, (5) m4 parameters.
network
mkportal CWE-79
4.3
4.3