Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Directory 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) Add URL and (2) Suggest Category module. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| boonex | barracuda_directory | 1.1 |
SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) link_dir_target and (2) link_id_target parameter, possibly involving the link_edit functionality.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| boonex | barracuda | * |
Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| boonex | dolphin | 7.0.4 |
Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| boonex | dolphin | 7.0.4 |
| boonex | dolphin | 5.2 |
| boonex | dolphin | 7.0.0 |
| boonex | dolphin | 6.1.2 |
| boonex | dolphin | 7.0.1 |
| boonex | dolphin | 7.0.3 |
| boonex | dolphin | 7.0.6 |
| boonex | dolphin | 7.0.2 |
| boonex | dolphin | 7.0.5 |
| boonex | dolphin | 5.1 |
| boonex | dolphin | * |
SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| boonex | dolphin | * |
SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| boonex | dolphin | 7.0.4 |
| boonex | dolphin | 7.0.2 |
| boonex | dolphin | 7.0.7 |
| boonex | dolphin | 7.1.1 |
| boonex | dolphin | 7.1.0 |
| boonex | dolphin | 7.1.2 |
| boonex | dolphin | * |
| boonex | dolphin | 7.0.0 |
| boonex | dolphin | 7.0.1 |
| boonex | dolphin | 7.1.3 |
| boonex | dolphin | 7.0.3 |
| boonex | dolphin | 7.0.6 |
| boonex | dolphin | 7.0.9 |
| boonex | dolphin | 7.0.5 |
| boonex | dolphin | 7.0.8 |
Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| boonex | dolphin | 7.0.4 |
| boonex | dolphin | 7.0.2 |
| boonex | dolphin | 7.0.7 |
| boonex | dolphin | 7.1.1 |
| boonex | dolphin | 7.1.0 |
| boonex | dolphin | 7.1.2 |
| boonex | dolphin | * |
| boonex | dolphin | 7.0.0 |
| boonex | dolphin | 7.0.1 |
| boonex | dolphin | 7.1.3 |
| boonex | dolphin | 7.0.3 |
| boonex | dolphin | 7.0.6 |
| boonex | dolphin | 7.0.9 |
| boonex | dolphin | 7.0.5 |
| boonex | dolphin | 7.0.8 |
Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| boonex | dolphin | 7.4.2 |