CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2015-6945 – JSPMySQL Administrador - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-6945
Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to inject arbitrary web script or HTML via the bd parameter to sys/sys/listaBD2.jsp. Vulnerabilidad de XSS en JSP/MySQL Administrador Web 1, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro bd en sys/sys/listaBD2.jsp. JSPMySQL Administrador version 1 suffers from cross site request forgery and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/38098 http://hyp3rlinx.altervista.org/advisories/AS-JSPMYSQLADMINISTRADOR-0904.txt http://packetstormsecurity.com/files/133466/JSPMySQL-Administrador-1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/536406/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2CVE-2015-6944 – JSPMySQL Administrador - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-6944
Cross-site request forgery (CSRF) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to hijack the authentication of users for requests that execute arbitrary SQL commands via the cmd parameter to sys/sys/listaBD2.jsp. Vulnerabilidad CSRF en JSP/MySQL Administrador Web 1, permite a atacantes remotos secuestrar la autenticación de usuarios para peticiones que ejecutan comandos SQL arbitrarios a través del parámetro cmd en sys/sys/listaBD2.jsp. JSPMySQL Administrador version 1 suffers from cross site request forgery and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/38098 http://hyp3rlinx.altervista.org/advisories/AS-JSPMYSQLADMINISTRADOR-0904.txt http://packetstormsecurity.com/files/133466/JSPMySQL-Administrador-1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/536406/100/0/threaded • CWE-352: Cross-Site Request Forgery (CSRF) •