Vulnerabilities > Xerver > Xerver > 4.32

DATE CVE VULNERABILITY TITLE RISK
2009-10-05 CVE-2009-3562 Cross-Site Scripting vulnerability in Xerver 4.32
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action.
network
high complexity
xerver CWE-79
2.6
2.6
2009-10-05 CVE-2009-3561 Path Traversal vulnerability in Xerver 4.32
Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action.
network
low complexity
xerver CWE-22
5.0
5.0
2009-10-05 CVE-2009-3544 Information Exposure vulnerability in Xerver 4.32
Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name.
network
low complexity
xerver CWE-200
5.0
5.0