Cfmagic » Magic Forum Personal : Security Vulnerabilities, CVEs, CVSS score >= 3
Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in search_forums.cfm, as used in the "Search For:" field.
Max CVSS
4.3
EPSS Score
0.29%
Published
2005-12-08
Updated
2011-03-08
Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm.
Max CVSS
7.5
EPSS Score
0.42%
Published
2005-12-08
Updated
2017-07-20
2 vulnerabilities found