Multiple cross-site scripting (XSS) vulnerabilities in index.php for phpMyVisites allow remote attackers to inject arbitrary web script or HTML via the (1) part, (2) per, or (3) site parameters.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| matthieu_aubry | phpmyvisites | 1.2.1 |
| matthieu_aubry | phpmyvisites | 1.0 |
| matthieu_aubry | phpmyvisites | 1.2_beta |
| matthieu_aubry | phpmyvisites | 1.2 |
| matthieu_aubry | phpmyvisites | 1.2.2 |
| matthieu_aubry | phpmyvisites | 0.1_beta |
| matthieu_aubry | phpmyvisites | 1.1 |
| matthieu_aubry | phpmyvisites | 1.3 |
set_lang.php in phpMyVisites 1.3 allows remote attackers to read and include arbitrary files via the mylang parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| matthieu_aubry | phpmyvisites | 1.3 |