CVE-2010-4155
https://notcve.org/view.php?id=CVE-2010-4155
Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) rssfeedURL parameter to manual/caferss/example.php and the sumb parameter to (2) modules/news/archive.php, (3) modules/news/topics.php, and (4) modules/contact/index.php, different vectors than CVE-2007-1965. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en eXV2 CMS v2.10, permite a atacantes remotos inyectar secuencias de comando web y HTML de su elección a través de los parámetros (1) rssfeedURL a manual/caferss/example.php y sumb a (2) modules/news/archive.php, (3) modules/news/topics.php, y (4) modules/contact/index.php, vector distinto del CVE-2007-1965. • http://www.packetstormsecurity.com/1010-exploits/exv2-xss.txt http://www.securityfocus.com/bid/44169 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4970.php https://exchange.xforce.ibmcloud.com/vulnerabilities/62630 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-1407 – eXV2 Module WebChat 1.60 - 'roomid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-1407
SQL injection vulnerability in index.php in the WebChat 1.60 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the roomid parameter. Vulnerabilidad de inyección SQL en index.php del módulo WebChat 1.60 para eXV2 permite a atacantes remotos ejecutar comandos SQL de su elección al utilizar el parámetro roomid. • https://www.exploit-db.com/exploits/5255 http://secunia.com/advisories/29390 http://www.securityfocus.com/bid/28256 https://exchange.xforce.ibmcloud.com/vulnerabilities/41213 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-1406 – eXV2 Module MyAnnonces - 'lid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-1406
SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the lid parameter in an ImprAnn action. Vulnerabilidad de inyección SQL en annonces-p-f.php del módulo MyAnnonces 1.8 para eXV2 permite a atacantes remotos ejecutar comandos SQL de su elección utilizando el parámetro lid en una acción ImprAnn. • https://www.exploit-db.com/exploits/5252 http://secunia.com/advisories/29384 http://www.securityfocus.com/bid/28254 https://exchange.xforce.ibmcloud.com/vulnerabilities/41214 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-1404 – eXV2 Module Viso 2.0.4.3 - 'kid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-1404
SQL injection vulnerability in index.php in the Viso (Industry Book) 2.04 and 2.03 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the kid parameter. Vulnerabilidad de inyección SQL en index.php del módulo Viso (Industry Book) 2.04 y 2.03 para eXV2 permite a atacantes remotos ejecutar comandos SQL de su elección utilizando el parámetro kid. • https://www.exploit-db.com/exploits/5254 http://secunia.com/advisories/29389 http://www.securityfocus.com/bid/28255 https://exchange.xforce.ibmcloud.com/vulnerabilities/41216 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-1349 – eXV2 Module bamaGalerie 3.03 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-1349
SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Galerie) 3.03 and 3.041 module for eXV2 2.0.6 allows remote attackers to execute arbitrary SQL commands via the cid parameter. Vulnerabilidad de inyección SQL de viewcat.php en bamaGalerie (Bama Galerie) 3.03 y 3.041 en los módulos eXV2 2.0.6, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "cid". • https://www.exploit-db.com/exploits/5244 http://packetstormsecurity.org/0804-exploits/runcms11a-sql.txt http://secunia.com/advisories/29359 http://secunia.com/advisories/29362 http://www.securityfocus.com/bid/28229 https://exchange.xforce.ibmcloud.com/vulnerabilities/41188 https://www.exploit-db.com/exploits/5340 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •