Page 2 of 9 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other users by injecting script into the cleanSearchString() function. • https://www.exploit-db.com/exploits/21599 http://online.securityfocus.com/archive/1/281141 http://www.securityfocus.com/bid/5179 https://exchange.xforce.ibmcloud.com/vulnerabilities/9514 •

CVSS: 5.0EPSS: 84%CPEs: 2EXPL: 2

BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI. • https://www.exploit-db.com/exploits/21600 http://archives.neohapsis.com/archives/bugtraq/2002-07/0082.html http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html http://www.iss.net/security_center/static/9528.php http://www.securityfocus.com/bid/5187 •

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 2

BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte. • https://www.exploit-db.com/exploits/21616 http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html http://www.iss.net/security_center/static/9557.php http://www.securityfocus.com/bid/5226 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges. • http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html http://www.iss.net/security_center/static/9558.php http://www.securityfocus.com/bid/5228 •