CVSS: 6.1EPSS: 2%CPEs: 30EXPL: 0CVE-2009-3731 – VMware Security Advisory 2009-0017
https://notcve.org/view.php?id=CVE-2009-3731
15 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) ... • http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5081
https://notcve.org/view.php?id=CVE-2006-5081
29 Sep 2006 — PHP remote file inclusion vulnerability in acc.php in QuickBlogger (QB) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. Vulnerabilidad PHP de inclusión remota de archivo en acc.php en QuickBlogger (QB) 1.4 permite a atacantes remotos ejecutar código PHP arbitrario mediante una URL en el parámetro page. • http://securityreason.com/securityalert/1651 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2006-1791
https://notcve.org/view.php?id=CVE-2006-1791
14 Apr 2006 — Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails. • http://secunia.com/advisories/15942 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2005-4785
https://notcve.org/view.php?id=CVE-2005-4785
31 Dec 2005 — Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) author ("your name") and (2) "comment" section. • http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0090.html •