CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2008-6404 – eXtrovert software Thyme 1.3 - 'add_calendars.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-6404
Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en add_calendars.php en eXtrovert Software Thyme v1.3 permite a atacantes remotos inyectar web script o HTML a través del parámetro "callback". • https://www.exploit-db.com/exploits/32398 http://www.digitrustgroup.com/advisories/web-application-security-thyme2.html http://www.securityfocus.com/bid/31287 https://exchange.xforce.ibmcloud.com/vulnerabilities/45302 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2009-0535 – Thyme 1.3 - 'export_to' Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-0535
Directory traversal vulnerability in export.php in Thyme 1.3 and earlier, when register_globals is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the export_to parameter. Vulnerabilidad de salto de directorio en export.php en Thyme v1.3 y anteriores, cuando register_globals está desactivado, permite a atacantes remotos leer archivos de su elección a través de ..(punto punto) en el parámetro "export_to". • https://www.exploit-db.com/exploits/8029 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6116 – Joomla! Component Thyme 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-6116
SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event parameter to index.php. Vulnerabilidad de inyección SQL en el componente EXtrovert Software Thyme (com_thyme)v1.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "event" al index.php. • https://www.exploit-db.com/exploits/7182 http://www.securityfocus.com/bid/32417 https://exchange.xforce.ibmcloud.com/vulnerabilities/46777 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2117
https://notcve.org/view.php?id=CVE-2006-2117
Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page. • http://secunia.com/advisories/19909 http://securityreason.com/securityalert/822 http://www.aria-security.net/portals/thyme http://www.attrition.org/pipermail/vim/2006-September/001019.html http://www.securityfocus.com/archive/1/432588/100/0/threaded http://www.securityfocus.com/bid/17746 http://www.vupen.com/english/advisories/2006/1602 https://exchange.xforce.ibmcloud.com/vulnerabilities/26188 •