MidnightBSD

Advisories for expinion.net

CVE-2004-1845 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to category_news_headline.asp.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
expinion.net news_manager_lite 2.5
CVE-2004-1846 HIGH

Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
expinion.net news_manager_lite 2.5
CVE-2006-2293 MEDIUM

SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 allows remote attackers to execute arbitrary SQL commands via the calsids parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
expinion.net multicalendars 3.0
CVE-2010-4896 MEDIUM

Cross-site scripting (XSS) vulnerability in admin/index.asp in Member Management System 4.0 allows remote attackers to inject arbitrary web script or HTML via the REF_URL parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
expinion.net member_management_system 4.0