RSS   Vulnerabilities for 'Small pirate'   RSS

2010-07-22
 
CVE-2009-4937

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag.

 
 
CVE-2009-4936

CWE-89
 

 
Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top