Citadel : Security Vulnerabilities, CVEs, Published In 2007
Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names.
Max CVSS
2.6
EPSS Score
0.87%
Published
2007-07-17
Updated
2018-10-15
Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors.
Max CVSS
7.5
EPSS Score
2.74%
Published
2007-07-17
Updated
2018-10-15
2 vulnerabilities found