Vulnerabilities > Webgui
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-10-30 | CVE-2008-4798 | Code Injection vulnerability in Webgui The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL. | 9.3 |
2008-08-06 | CVE-2008-3503 | Improper Authentication vulnerability in Webgui Plain Black Webgui RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data). | 5.0 |
2008-02-25 | CVE-2008-0940 | Cross-Site Scripting vulnerability in Webgui Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407. | 4.3 |