Vulnerabilities > Zoneo Soft > Freeforum > 1.1.1

DATE CVE VULNERABILITY TITLE RISK
2006-03-02 CVE-2006-0958 HTML Injection vulnerability in freeForum
Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) subject parameters.
network
zoneo-soft
4.3
4.3
2006-03-02 CVE-2006-0957 Remote PHP Script Code Injection vulnerability in freeForum
Direct static code injection vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to execute arbitrary PHP code via the (1) X-Forwarded-For and (2) Client-Ip HTTP headers, which are stored in Data/flood.db.php.
network
low complexity
zoneo-soft
7.5
7.5