CVE-2008-6465
https://notcve.org/view.php?id=CVE-2008-6465
Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters. Múltiples vulnerabilidades ejecución de secuencias de comandos en sitios cruzados (XSS) en login.php en webshell4 en Parallels H-Sphere 3.0.0 P9 y el 3.1 P1 permiten a atacantes remotos inyectar HTML o scripts web arbitrarios a través de los parámetros (1) err, (2) errorcode, y (3) login. • http://osvdb.org/48232 http://secunia.com/advisories/31830 http://www.securityfocus.com/bid/31256 http://www.xssing.com/index.php?x=3&y=65 https://exchange.xforce.ibmcloud.com/vulnerabilities/45252 https://exchange.xforce.ibmcloud.com/vulnerabilities/45254 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-1049
https://notcve.org/view.php?id=CVE-2008-1049
Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors. Vulnerabilidad no especificada en Parallels SiteStudio en versiones anteriores a 1.7.2, y 1.8.x en versiones anteriores 1.8b, como lo utilizado en Parallels H-Sphere 3.0 en versiones anteriores a Patch 9 y 2.5 en versiones anteriores a Patch 11, tiene un efecto y vectores de ataque desconocidos. • http://secunia.com/advisories/29084 http://www.psoft.net/misc/hs_ss_technical_update.html http://www.securityfocus.com/bid/28002 http://www.securitytracker.com/id?1019506 https://exchange.xforce.ibmcloud.com/vulnerabilities/40846 •