Vulnerabilities > Myphpscripts > Login Session

DATE CVE VULNERABILITY TITLE RISK
2009-01-06 CVE-2008-5855 Permissions, Privileges, and Access Controls vulnerability in Myphpscripts Login Session 2.0
myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt.
network
low complexity
myphpscripts CWE-264
5.0
5.0
2009-01-06 CVE-2008-5854 Cross-Site Scripting vulnerability in Myphpscripts Login Session 2.0
Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ls_user and (2) ls_email parameters (aka the User form) in an ls_register action. 		4.3
4.3