MidnightBSD

Advisories for psychostats

CVE-2004-1417 MEDIUM

Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
psychostats psychostats 2.0
psychostats psychostats 2.0.1
psychostats psychostats 2.2.1
psychostats psychostats *
psychostats psychostats 2.2.2
psychostats psychostats 2.1
psychostats psychostats 2.2
CVE-2013-3721 HIGH

SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
psychostats psychostats 3.2.2b