4homepages : Security Vulnerabilities, CVEs, Published In 2009 (XSS) CVSS score >= 1
Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the url variable.
Max CVSS
4.3
EPSS Score
0.25%
Published
2009-07-08
Updated
2017-08-17
Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture.
Max CVSS
3.5
EPSS Score
0.11%
Published
2009-06-19
Updated
2017-09-29
2 vulnerabilities found