CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2009-3598 – eCardMAX FormXP - 'survey_result.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-3598
Cross-site scripting (XSS) vulnerability in survey_result.php in eCardMAX FormXP 2007 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en survey_result.php en eCardMAX FormXP 2007 permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través del parámetro sid. • https://www.exploit-db.com/exploits/34871 http://osvdb.org/55859 http://packetstormsecurity.org/0907-exploits/formxp-xss.txt http://secunia.com/advisories/35836 https://exchange.xforce.ibmcloud.com/vulnerabilities/51723 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 8%CPEs: 2EXPL: 4CVE-2007-1906 – eCardMAX HotEditor 4.0 - 'Keyboard.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2007-1906
Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter. Vulnerabilidad de salto de directorio en richedit/keyboard.php de eCardMAX HotEditor (Hot Editor) 4.0, y el plugin HotEditor para MyBB, permite a atacantes remotos incluir y ejecutar código de su elección mediante una secuencia .. (punto punto) en el primer parámetro. • https://www.exploit-db.com/exploits/29827 http://osvdb.org/34776 http://secunia.com/advisories/24825 http://securityreason.com/securityalert/2533 http://www.expw0rm.com/hot-editor-v40-local-file-inclusion_no113.html http://www.expw0rm.com/mybb-hot-editor-plugin-local-file-inclusion_no114.html http://www.securityfocus.com/archive/1/465092/100/0/threaded http://www.securityfocus.com/archive/1/465094/100/0/threaded http://www.securityfocus.com/bid/23377 http://www.vupen.com&# •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2006-0093
https://notcve.org/view.php?id=CVE-2006-0093
Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inject arbitrary web script or HTML via the cat parameter. • http://osvdb.org/ref/22/22203-ecardmax.txt http://secunia.com/advisories/18306 http://www.osvdb.org/22203 http://www.vupen.com/english/advisories/2006/0039 •