Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-11-04 | CVE-2008-4898 | Cross-Site Scripting vulnerability in Planetluc Rateme 1.3.3 Cross-site scripting (XSS) vulnerability in planetluc RateMe 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the rate parameter in a submit rate action. | 4.3 |
| 2008-11-04 | CVE-2008-4897 | SQL Injection vulnerability in Logz 1.3.1 SQL injection vulnerability in fichiers/add_url.php in Logz podcast CMS 1.3.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the art parameter. | 6.8 |
| 2008-11-04 | CVE-2008-4896 | Cross-Site Scripting vulnerability in Logz 1.3.1 Cross-site scripting (XSS) vulnerability in fichiers/add_url.php in Logz CMS 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the art parameter. | 4.3 |
| 2008-11-04 | CVE-2008-4894 | Path Traversal vulnerability in Tribiq CMS 5.0.10A Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the template_path parameter. | 5.1 |
| 2008-11-04 | CVE-2008-4892 | Cross-Site Scripting vulnerability in Planetluc Mygallery 1.7.2 Cross-site scripting (XSS) vulnerability in gallery.inc.php in Planetluc MyGallery 1.7.2 and earlier, and possibly other versions before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via the mghash parameter. | 4.3 |
| 2008-11-04 | CVE-2008-4891 | Cross-Site Scripting vulnerability in Planetluc Signme 1.5 Cross-site scripting (XSS) vulnerability in signme.inc.php in Planetluc SignMe 1.5 before 1.55 allows remote attackers to inject arbitrary web script or HTML via the hash parameter. | 4.3 |
| 2008-11-04 | CVE-2008-4913 | Path Traversal vulnerability in Lokicms Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to delete arbitrary files via a .. | 5.0 |
| 2008-11-04 | CVE-2008-4909 | Cross-Site Scripting vulnerability in Compact CMS Compact CMS Cross-site request forgery (CSRF) vulnerability in CompactCMS 1.1 and earlier allows remote attackers to perform unauthorized actions as legitimate users via unspecified vectors. | 4.3 |
| 2008-11-04 | CVE-2008-4888 | Cross-Site Scripting vulnerability in Netrisk 1.9.7 Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter to index.php. | 4.3 |
| 2008-11-03 | CVE-2008-3868 | Cross-Site Request Forgery (CSRF) vulnerability in Cce-Interact Interact 2.4.1 Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts. | 6.8 |