RSS   Vulnerabilities for 'Knowledgetree open source'   RSS

2012-09-19
 
CVE-2012-0988

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in config/dmsDefaults.php in KnowledgeTree 3.7.0.2 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) login.php, (2) admin.php, or (3) preferences.php.

 
2006-06-07
 
CVE-2006-2886

 

 
view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produces XSS.

 


Copyright 2019, cxsecurity.com

 

Back to Top