Vulnerabilities > Winn
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-12-29 | CVE-2011-5026 | Cross-Site Scripting vulnerability in Winn Guestbook Cross-site scripting (XSS) vulnerability in the addPost function in data/functions.php in Winn GuestBook before 2.4.8d allows remote attackers to inject arbitrary web script or HTML via the name parameter to index.php. | 4.3 |
| 2010-03-29 | CVE-2009-4760 | Permissions, Privileges, and Access Controls vulnerability in Winn ASP Guestbook 1.01 Winn ASP Guestbook 1.01 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/guestbook.mdb. | 5.0 |
| 2010-03-08 | CVE-2009-4678 | Cross-Site Scripting vulnerability in Winn Guestbook 2.4 Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |