Vulnerabilities > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2008-11-04	CVE-2008-4909	Cross-Site Scripting vulnerability in Compact CMS Compact CMS Cross-site request forgery (CSRF) vulnerability in CompactCMS 1.1 and earlier allows remote attackers to perform unauthorized actions as legitimate users via unspecified vectors. network compact-cms CWE-79	4.3
2008-11-04	CVE-2008-4888	Cross-Site Scripting vulnerability in Netrisk 1.9.7 Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter to index.php. network netrisk CWE-79	4.3
2008-11-03	CVE-2008-3868	Cross-Site Request Forgery (CSRF) vulnerability in Cce-Interact Interact 2.4.1 Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts. network cce-interact CWE-352	6.8
2008-11-03	CVE-2008-3867	SQL Injection vulnerability in Cce-Interact Interact 2.4.1 SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the email_user_key parameter. network cce-interact CWE-89	6.8
2008-11-01	CVE-2008-4877	SQL Injection vulnerability in Mywebcards Webcards SQL injection vulnerability in admin.php in WebCards 1.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. network mywebcards CWE-89	6.8
2008-11-01	CVE-2008-4876	Cross-Site Scripting vulnerability in Philips Electronics Voip841 Dect Phone 1.0.4.48/1.0.4.50 Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page. network philips-electronics CWE-79	4.3
2008-11-01	CVE-2008-4875	Path Traversal vulnerability in Philips Electronics Voip841 Dect Phone 1.0.4.48/1.0.4.50 Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. network low complexity philips-electronics CWE-22	6.8
2008-11-01	CVE-2008-4874	Credentials Management vulnerability in Philips Electronics Voip841 Dect Phone 1.0.4.48/1.0.4.50 The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access. network low complexity philips-electronics CWE-255	5.0
2008-11-01	CVE-2008-4872	Cross-Site Scripting vulnerability in Itechscripts Itechbids 5.0 Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. network itechscripts CWE-79	4.3
2008-11-01	CVE-2008-4871	Cross-Site Scripting vulnerability in MY Little Forum MY Little Forum 1.75/2.0 Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and 2.0 Beta 23 allows remote attackers to inject arbitrary web script or HTML via BBcode IMG tags. network my-little-forum CWE-79	4.3

Vulnerabilities > Medium {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Medium"}]}

Vulnerabilities > Medium