MidnightBSD

Advisories for onnogroen

CVE-2009-4650 HIGH

SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
onnogroen com_webeecomment 1.1.1
onnogroen com_webeecomment 2.0
onnogroen com_webeecomment 1.2
CVE-2009-4651 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
onnogroen com_webeecomment 1.1.1
onnogroen com_webeecomment 2.0
onnogroen com_webeecomment 1.2