CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2009-4767 – Shoutbox 1.0 - HTML / Cross-Site Scripting Injection
https://notcve.org/view.php?id=CVE-2009-4767
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Plohni Shoutbox 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) input_name and (2) input_text parameters. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en index.php en Plohni Shoutbox v1.0 permiten a atacantes remotos inyectar HTML o scripts web a través de los parámetros (1) input_name y (2) input_text. NOTA: algunos de estos detalles han sido obtenidos de información de terceros. • https://www.exploit-db.com/exploits/10168 http://osvdb.org/60310 http://secunia.com/advisories/37418 http://www.exploit-db.com/exploits/10168 https://exchange.xforce.ibmcloud.com/vulnerabilities/54321 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2007-6298
https://notcve.org/view.php?id=CVE-2007-6298
Cross-site scripting (XSS) vulnerability in the Shoutbox module for Drupal 5.x before Shoutbox 5.x-1.1 allows remote authenticated users to inject arbitrary web script or HTML via Shoutbox block messages. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Shoutbox para Drupal 5.x versiones anteriores a Shoutbox 5.x-1.1 permite a usuarios remotos autenticados inyectar scripts web o HTML de su elección mediante mensajes de bloque Shoutbox. • http://drupal.org/node/198163 http://osvdb.org/39053 http://secunia.com/advisories/27953 http://www.securityfocus.com/bid/26736 https://exchange.xforce.ibmcloud.com/vulnerabilities/38885 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 11%CPEs: 1EXPL: 2CVE-2007-4330 – Shoutbox 1.0 - 'Shoutbox.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-4330
PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. Vulnerabilidad de inclusión remota de archivo en PHP en shoutbox.php de Shoutbox 1.0 permite a atacantes remotos ejecutar código PHP de su elección mediante un URL en el parámetro root. • https://www.exploit-db.com/exploits/30479 http://osvdb.org/36622 http://secunia.com/advisories/26396 http://securityreason.com/securityalert/2997 http://www.securityfocus.com/archive/1/475960/100/0/threaded http://www.securityfocus.com/bid/25254 http://www.vupen.com/english/advisories/2007/2835 https://exchange.xforce.ibmcloud.com/vulnerabilities/35921 •
CVSS: 5.1EPSS: 41%CPEs: 2EXPL: 2CVE-2006-3989 – k_shoutbox 4.4 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-3989
PHP remote file inclusion vulnerability in index.php in Knusperleicht Shoutbox 4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sb_include_path parameter. Vulnerabilidad PHP de inclusión remota de archivo en index.php en Knusperleicht Shoutbox 4.4 y anteriores permiten a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro sb_include_path. • https://www.exploit-db.com/exploits/2103 http://secunia.com/advisories/21302 http://securityreason.com/securityalert/1325 http://www.osvdb.org/27709 http://www.securityfocus.com/archive/1/441815/100/0/threaded http://www.securityfocus.com/bid/19273 http://www.vupen.com/english/advisories/2006/3090 https://exchange.xforce.ibmcloud.com/vulnerabilities/28123 •