Vulnerabilities > PHP Stats > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-02-20 | CVE-2008-6212 | Cross-Site Scripting vulnerability in PHP-Stats 0.1.9.1 Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats 0.1.9.1 allows remote attackers to inject arbitrary web script or HTML via the (1) sel_mese and (2) sel_anno parameters in a systems action. | 4.3 |
| 2007-09-17 | CVE-2007-4917 | Cross-Site Scripting vulnerability in PHP-Stats 0.1.9.2 Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the ip parameter in an online action, a different vector than CVE-2007-4334. | 4.3 |
| 2007-08-14 | CVE-2007-4334 | Cross-Site Scripting vulnerability in PHP-Stats 0.1.9.2 Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter. network php-stats | 4.3 |
| 2006-03-09 | CVE-2006-1088 | Input Validation and Information Disclosure vulnerability in PHP-Stats PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix. | 5.0 |
| 2006-03-09 | CVE-2006-1087 | Input Validation and Information Disclosure vulnerability in PHP-Stats Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the option_new[compatibility_mode] parameter, which is not filtered before being stored in config.php. | 6.5 |