Vulnerabilities > Webspell > Webspell > 4.1.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-06-04 | CVE-2009-1912 | Path Traversal vulnerability in Webspell Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. | 6.8 |
2008-03-24 | CVE-2008-1481 | Cross-Site Scripting vulnerability in Webspell 4.1.2 Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the board parameter. | 4.3 |
2007-12-11 | CVE-2007-6309 | Cross-Site Scripting vulnerability in Webspell 4.1.2 Multiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action; or the (2) upID, (3) tag, (4) month, (5) userID, or (6) year parameter in a calendar announce action. | 4.3 |