MidnightBSD

Advisories for bananadance

CVE-2011-5168 HIGH

SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
bananadance banana_dance *
CVE-2011-5175 HIGH

SQL injection vulnerability in search.php in Banana Dance, possibly B.1.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the category parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
bananadance banana_dance *
bananadance banana_dance 0.9
CVE-2011-5176 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in search.php in Banana Dance, possibly B.1.5 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) category parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
bananadance banana_dance *
bananadance banana_dance 0.9