Positive Software » H-sphere : Security Vulnerabilities, CVEs, (XSS)
Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action.
Max CVSS
4.3
EPSS Score
0.62%
Published
2006-01-13
Updated
2018-10-19
Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name.
Max CVSS
2.6
EPSS Score
0.59%
Published
2006-06-28
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo action.
Max CVSS
4.3
EPSS Score
0.20%
Published
2008-10-06
Updated
2017-08-08
3 vulnerabilities found