MidnightBSD

Advisories for dbninja

CVE-2019-7545 LOW

In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dbninja dbninja *
CVE-2019-7747 MEDIUM

DbNinja 3.2.7 allows session fixation via the data.php sessid parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,

Products Affected

Vendor Product Version
dbninja dbninja 3.2.7
CVE-2019-7748 MEDIUM

_includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dbninja dbninja 3.2.7