4homepages : Security Vulnerabilities, CVEs, Published In 2009
Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the url variable.
Max CVSS
4.3
EPSS Score
0.25%
Published
2009-07-08
Updated
2017-08-17
Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter.
Max CVSS
6.8
EPSS Score
0.13%
Published
2009-06-19
Updated
2009-06-25
Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture.
Max CVSS
3.5
EPSS Score
0.11%
Published
2009-06-19
Updated
2017-09-29
3 vulnerabilities found