Published: 28/12/2007 Updated: 15/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Logaholic prior to 2.0 RC8 allow remote malicious users to inject arbitrary web script or HTML via (1) the newconfname parameter to profiles.php or (2) the conf parameter to index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
logaholic logaholic 0

source: wwwsecurityfocuscom/bid/27003/info Logaholic is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues, a cross-site scripting issue, and an HTML-injection issue The issues occur because the application fails to sufficiently sanitize user-supplied data Exploiting these issues could all ...

source: wwwsecurityfocuscom/bid/27003/info Logaholic is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues, a cross-site scripting issue, and an HTML-injection issue The issues occur because the application fails to sufficiently sanitize user-supplied data Exploiting these issues could allow ...

CWE-79 http://www.securityfocus.com/bid/27003 http://secunia.com/advisories/28263 http://securityreason.com/securityalert/3496 http://osvdb.org/39793 http://osvdb.org/39792 https://exchange.xforce.ibmcloud.com/vulnerabilities/39223 http://www.securityfocus.com/archive/1/490101/100/0/threaded http://www.securityfocus.com/archive/1/485480/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/30932/

CVE-2007-6560

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect