MidnightBSD

Advisories for asp_press

CVE-2005-0802 MEDIUM

Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
asp_press acs_blog 0.8
asp_press acs_blog 1.1b
asp_press acs_blog 0.9
asp_press acs_blog 1.0
CVE-2005-0945 MEDIUM

Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
asp_press acs_blog 1.1.1
CVE-2005-1288 HIGH

inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
asp_press acs_blog 0.8
asp_press acs_blog 1.0.2
asp_press acs_blog 1.1b
asp_press acs_blog 0.9
asp_press acs_blog 1.1.1
asp_press acs_blog 1.0.1
asp_press acs_blog 1.1.2
asp_press acs_blog 1.0.3
asp_press acs_blog 1.1
asp_press acs_blog 1.0