RSS   Vulnerabilities for 'Livestreet'   RSS

2009-09-18
 
CVE-2009-3261

CWE-287
 

 
update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require administrative authentication, which allows remote attackers to perform DROP TABLE operations via unspecified vectors.

 
 
CVE-2009-3260

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the header of the topic in a comment.

 
 
CVE-2009-3256

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the URI, as demonstrated by a SCRIPT element in an arbitrary parameter such as the asd parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top