CVSS: 6.5EPSS: 0%CPEs: 31EXPL: 0CVE-2008-5857
https://notcve.org/view.php?id=CVE-2008-5857
The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote authenticated users to gain administrative privileges via a certain sequence of "browse documents" and dashboard requests. El plugin DropDocuments en KnowledgeTree en versiones anteriores a la 3.5.4a permite a usuarios remotos autenticados obtener privilegios de administrador mediante una determinada secuencia de "navegar por los documentos" y peticiones al panel de Gestión. • http://issues.knowledgetree.com/browse/KTS-3921 http://secunia.com/advisories/33277 http://wiki.knowledgetree.com/Version_3.5.4a#Security http://www.securityfocus.com/bid/32920 https://exchange.xforce.ibmcloud.com/vulnerabilities/47530 •
CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 0CVE-2008-5858
https://notcve.org/view.php?id=CVE-2008-5858
Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree before 3.5.4a allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-4281. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en KnowledgeTree, en versiones anteriores a la 3.5.4a, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados, es una cuestión diferente a CVE-2007-4281. • http://secunia.com/advisories/33277 http://wiki.knowledgetree.com/Version_3.5.4a#Security http://www.securityfocus.com/bid/32920 https://exchange.xforce.ibmcloud.com/vulnerabilities/47529 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •