Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x allow remote attackers to inject arbitrary web script or HTML via (1) cds.php, (2) Guestbook-EN.pl, or (3) phonebook.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xampp | apache_distribution | 1.4.9 |
| xampp | apache_distribution | 1.4.4 |
| xampp | apache_distribution | 1.4.7 |
| xampp | apache_distribution | 0.2 |
| xampp | apache_distribution | 1.4.8 |
| xampp | apache_distribution | 1.4.3 |
| xampp | apache_distribution | 1.4.12 |
| xampp | apache_distribution | 1.4.13 |
| xampp | apache_distribution | 0.3 |
| xampp | apache_distribution | 0.1 |
| xampp | apache_distribution | 1.4.11 |
| xampp | apache_distribution | 1.4.10 |
| xampp | apache_distribution | 1.4.6 |
| xampp | apache_distribution | 1.4.10a |
| xampp | apache_distribution | 1.4.2 |
| xampp | apache_distribution | 1.4.1 |
| xampp | apache_distribution | 1.4.5 |
XAMPP 1.4.x has multiple default or null passwords, which allows attackers to gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xampp | apache_distribution | 1.4.9 |
| xampp | apache_distribution | 1.4.4 |
| xampp | apache_distribution | 1.4.7 |
| xampp | apache_distribution | 0.2 |
| xampp | apache_distribution | 1.4.8 |
| xampp | apache_distribution | 1.4.3 |
| xampp | apache_distribution | 1.4.12 |
| xampp | apache_distribution | 1.4.13 |
| xampp | apache_distribution | 0.3 |
| xampp | apache_distribution | 0.1 |
| xampp | apache_distribution | 1.4.11 |
| xampp | apache_distribution | 1.4.10 |
| xampp | apache_distribution | 1.4.6 |
| xampp | apache_distribution | 1.4.10a |
| xampp | apache_distribution | 1.4.2 |
| xampp | apache_distribution | 1.4.1 |
| xampp | apache_distribution | 1.4.5 |
Directory traversal vulnerability in XAMPP before 1.4.14 allows remote attackers to inject arbitrary HTML and PHP code via lang.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xampp | apache_distribution | 1.4.9 |
| xampp | apache_distribution | 1.4.4 |
| xampp | apache_distribution | 1.4.7 |
| xampp | apache_distribution | 1.4.8 |
| xampp | apache_distribution | 1.4.3 |
| xampp | apache_distribution | 1.4.12 |
| xampp | apache_distribution | 1.4.13 |
| xampp | apache_distribution | 1.4.11 |
| xampp | apache_distribution | 1.4.10 |
| xampp | apache_distribution | 1.4.6 |
| xampp | apache_distribution | 1.4.10a |
| xampp | apache_distribution | 1.4.2 |
| xampp | apache_distribution | 1.4.1 |
| xampp | apache_distribution | 1.4.5 |