Cross-site scripting (XSS) vulnerability in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the AMG_signin_topic parameter to index.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| php_resource | voice_of_web_allmyguests | 0.4.1 |
Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username or (3) Password.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| php_resource | voice_of_web_allmyguests | 0.4.1 |