CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 2

Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter.

• https://www.exploit-db.com/exploits/32398
• http://www.digitrustgroup.com/advisories/web-application-security-thyme2.html
• http://www.securityfocus.com/bid/31287
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45302
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

Directory traversal vulnerability in export.php in Thyme 1.3 and earlier, when register_globals is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the export_to parameter.

• https://www.exploit-db.com/exploits/8029
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter. NOTE: some of these details are obtained from third party information.

• https://www.exploit-db.com/exploits/32342
• http://secunia.com/advisories/31782
• http://www.digitrustgroup.com/advisories/web-application-security-thyme.html
• http://www.securityfocus.com/bid/31063
• https://exchange.xforce.ibmcloud.com/vulnerabilities/44970
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page.

• http://secunia.com/advisories/19909
• http://securityreason.com/securityalert/822
• http://www.aria-security.net/portals/thyme
• http://www.attrition.org/pipermail/vim/2006-September/001019.html
• http://www.securityfocus.com/archive/1/432588/100/0/threaded
• http://www.securityfocus.com/bid/17746
• http://www.vupen.com/english/advisories/2006/1602
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26188