Vulnerabilities > Paperthin > Commonspot Content Server > 4.0

DATE	CVE	VULNERABILITY TITLE	RISK
2005-12-29	CVE-2005-4575	Information Disclosure vulnerability in CommonSpot Content Server PaperThin CommonSpot Content Server 4.5 and earlier allow remote attackers to obtain sensitive information via an invalid errmsg parameter to loader.cfm with a url parameter set to email-login-info.cfm, which leaks the full pathname in the resulting error message. network low complexity paperthin	5.0
2005-12-29	CVE-2005-4574	Cross-Site Scripting vulnerability in PaperThin CommonSpot Content Server Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin CommonSpot Content Server 4.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the bNewWindow parameter. network paperthin	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.