Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) direction and (2) order_by parameters.
Max CVSS
4.3
EPSS Score
0.48%
Published
2009-08-24
Updated
2017-08-17
SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter.
Max CVSS
4.6
EPSS Score
0.87%
Published
2009-03-02
Updated
2017-09-29
Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter.
Max CVSS
5.0
EPSS Score
1.80%
Published
2008-05-20
Updated
2017-08-08
3 vulnerabilities found