MidnightBSD

Advisories for interworx

CVE-2014-2035 MEDIUM

Cross-site scripting (XSS) vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.13 build 574 allows remote attackers to inject arbitrary web script or HTML via the i parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
interworx web_control_panel *
interworx web_control_panel 5.0.12
interworx web_control_panel 5.0.11
interworx web_control_panel 5.0.10
interworx web_control_panel 5.0
CVE-2014-2531 MEDIUM

SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) Resellers interface, as demonstrated by the "or" key in a pgn8state object in an i object in a JSON object.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
interworx web_control_panel *