MidnightBSD

Advisories for xaraya

CVE-2005-3929 MEDIUM

Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in the module parameter to index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xaraya xaraya 1.0_rc1
xaraya xaraya 1.0_rc4
xaraya xaraya 1.0_rc2
xaraya xaraya 1.0_rc3
CVE-2013-3639 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4) tabmodule parameter to index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
xaraya xaraya *