Vulnerabilities > Zoneo Soft > Freeforum > 1.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-02 | CVE-2006-0958 | HTML Injection vulnerability in freeForum Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) subject parameters. network zoneo-soft | 4.3 |
2006-03-02 | CVE-2006-0957 | Remote PHP Script Code Injection vulnerability in freeForum Direct static code injection vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to execute arbitrary PHP code via the (1) X-Forwarded-For and (2) Client-Ip HTTP headers, which are stored in Data/flood.db.php. | 7.5 |