Vulnerabilities > Runcms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-03-14 | CVE-2006-1216 | Cross-Site Scripting vulnerability in RunCMS Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter. network runcms | 4.3 |
| 2006-02-24 | CVE-2006-0875 | Cross-Site Scripting vulnerability in RunCMS Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter. | 5.0 |
| 2006-02-13 | CVE-2006-0659 | Code Injection vulnerability in Runcms 1.1/1.1A Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php. | 6.8 |
| 2005-05-02 | CVE-2005-1031 | Remote Arbitrary File Upload vulnerability in RunCMS RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files. | 5.0 |