Vulnerabilities > Webspell > Webspell > 4.1.2

DATE CVE VULNERABILITY TITLE RISK
2009-06-04 CVE-2009-1912 Path Traversal vulnerability in Webspell
Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a ..
network
webspell CWE-22
6.8
2008-03-24 CVE-2008-1481 Cross-Site Scripting vulnerability in Webspell 4.1.2
Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the board parameter.
network
webspell CWE-79
4.3
2007-12-11 CVE-2007-6309 Cross-Site Scripting vulnerability in Webspell 4.1.2
Multiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action; or the (2) upID, (3) tag, (4) month, (5) userID, or (6) year parameter in a calendar announce action.
network
webspell CWE-79
4.3