Vulnerabilities > Yourfreeworld > Apartment Search Script > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-04-10 | CVE-2008-6684 | Improper Input Validation vulnerability in Yourfreeworld Apartment Search Script Unrestricted file upload vulnerability in editimage.php in Apartment Search Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a GIF header, then accessing this file via a direct request to a renamed file in Member_Admin/logo/. | 6.8 |
| 2009-04-10 | CVE-2008-6683 | Cross-Site Scripting vulnerability in Yourfreeworld Apartment Search Script Cross-site scripting (XSS) vulnerability in listtest.php in Apartment Search Script allows remote attackers to inject arbitrary web script or HTML via the r parameter. | 4.3 |