Kailash Nadh » Boastmachine » 2.5 : Security Vulnerabilities, CVEs, Published In 2006 (XSS)
Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user_login, (2) full_name, and (3) URL parameters in register.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via the (4) cat_list and (5) key parameters in a certain portion of the admin interface.
Max CVSS: 4.3 | EPSS Score: 0.81% | Published: 2006-07-25 | Updated: 2018-10-17
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable.
Max CVSS: 6.8 | EPSS Score: 3.29% | Published: 2006-05-19 | Updated: 2018-10-18
Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field.
Max CVSS: 2.6 | EPSS Score: 0.68% | Published: 2006-04-19 | Updated: 2018-10-18
3 vulnerabilities found