CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2208
https://notcve.org/view.php?id=CVE-2008-2208
SQL injection vulnerability in index.php in Maian Greeting 2.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. Vulnerabilidad de inyección SQL en index.php de Maian Greeting 2.1; permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro keywords en una acción search. • http://secunia.com/advisories/30069 http://securityreason.com/securityalert/3887 http://www.securityfocus.com/archive/1/491582/100/0/threaded http://www.securityfocus.com/bid/29032 https://exchange.xforce.ibmcloud.com/vulnerabilities/42199 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2204
https://notcve.org/view.php?id=CVE-2008-2204
Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Search 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en admin/inc/header.php de Maian Search 1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante los parámetros 1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8 y (9) header9. • http://securityreason.com/securityalert/3883 http://www.securityfocus.com/archive/1/491586/100/0/threaded http://www.securityfocus.com/bid/29032 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2212
https://notcve.org/view.php?id=CVE-2008-2212
Multiple cross-site scripting (XSS) vulnerabilities in Maian Cart 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_adminheader, (2) msg_adminheader2, (3) msg_adminheader3, (4) msg_adminheader4, and unspecified other parameters to admin/inc/header.php; the (5) msg_script3 and unspecified other parameters to admin/inc/footer.php; and the (6) keywords parameter to index.php in a search action. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Maian Cart 1.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML mediante los parámetros (1) msg_adminheader, (2) msg_adminheader2, (3) msg_adminheader3, (4) msg_adminheader4 y otros no especificados a admin/inc/header.php; (5) msg_script3 y otros no especificados a admin/inc/footer.php; y (6) keywords a index.php en una acción search. • http://securityreason.com/securityalert/3891 http://www.securityfocus.com/archive/1/491581/100/0/threaded http://www.securityfocus.com/bid/29032 https://exchange.xforce.ibmcloud.com/vulnerabilities/42194 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2203
https://notcve.org/view.php?id=CVE-2008-2203
SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. Vulnerabilidad de inyección SQL en search.php de Maian Search 1.1 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro keywords en una acción search. • http://securityreason.com/securityalert/3883 http://www.securityfocus.com/archive/1/491586/100/0/threaded http://www.securityfocus.com/bid/29032 https://exchange.xforce.ibmcloud.com/vulnerabilities/42196 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2210
https://notcve.org/view.php?id=CVE-2008-2210
Multiple cross-site scripting (XSS) vulnerabilities in Maian Support 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script, (2) msg_script2, and (3) msg_script3 parameters to admin/inc/footer.php; and the (4) msg_script2 parameter to admin/inc/header.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Maian Support 1.3; permiten a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través de los parámetros (1) msg_script, (2) msg_script2, y (3) msg_script3 de admin/inc/footer.php; el parámetro (4) msg_script2 de admin/inc/header.php. • http://secunia.com/advisories/30068 http://securityreason.com/securityalert/3888 http://www.securityfocus.com/archive/1/491587/100/0/threaded http://www.securityfocus.com/bid/29032 https://exchange.xforce.ibmcloud.com/vulnerabilities/42205 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •