Vulnerabilities > Powie > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-02-24 | CVE-2012-1211 | Cross-Site Scripting vulnerability in Powie Pfile 1.02 Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter. | 4.3 |
| 2008-07-10 | CVE-2008-3131 | SQL Injection vulnerability in Powie Psys 0.7.0 SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showid parameter. | 6.8 |
| 2004-08-16 | CVE-2004-1716 | HTML Injection vulnerability in PScript PForum User Profile Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile. network powie | 6.8 |