Vulnerabilities > Xmpie

DATE CVE VULNERABILITY TITLE RISK
2005-12-20 CVE-2005-4356 SQL-Injection vulnerability in Ustore
SQL injection vulnerability in UStore allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
network
low complexity
xmpie
7.5
2005-12-20 CVE-2005-4355 Cross-Site Scripting vulnerability in Ustore
Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter in admin/default.asp.
network
xmpie
4.3