Bitweaver : Security Vulnerabilities, CVEs, (XSS) CVSS score >= 6
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter.
Max CVSS
6.1
EPSS Score
0.19%
Published
2019-11-13
Updated
2019-11-15
Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php.
Max CVSS
6.8
EPSS Score
4.82%
Published
2007-01-13
Updated
2017-07-29
2 vulnerabilities found