CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 2CVE-2009-3598 – eCardMAX FormXP - 'survey_result.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-3598
08 Oct 2009 — Cross-site scripting (XSS) vulnerability in survey_result.php in eCardMAX FormXP 2007 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en survey_result.php en eCardMAX FormXP 2007 permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través del parámetro sid. • https://www.exploit-db.com/exploits/34871 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 14%CPEs: 2EXPL: 4CVE-2007-1906 – eCardMAX HotEditor 4.0 - 'Keyboard.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2007-1906
10 Apr 2007 — Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter. Vulnerabilidad de salto de directorio en richedit/keyboard.php de eCardMAX HotEditor (Hot Editor) 4.0, y el plugin HotEditor para MyBB, permite a atacantes remotos incluir y ejecutar código de su elección mediante una secuencia .. (punto punto) en el primer parámetr... • https://www.exploit-db.com/exploits/29827 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2006-0093
https://notcve.org/view.php?id=CVE-2006-0093
05 Jan 2006 — Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inject arbitrary web script or HTML via the cat parameter. • http://osvdb.org/ref/22/22203-ecardmax.txt •