Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when AllSearchStr (aka the All Search Terms report) is enabled, allows remote attackers to inject arbitrary web script or HTML via a search string.
Max CVSS
4.3
EPSS Score
0.54%
Published
2007-06-20
Updated
2011-03-08
Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) preserve.c in AWFFull 3.7.1 and earlier have unknown impact and attack vectors. NOTE: some of these details are obtained from third party information. NOTE: There may not be any attack vector that crosses privilege boundaries.
Max CVSS
10.0
EPSS Score
0.43%
Published
2007-01-26
Updated
2017-07-29
2 vulnerabilities found