RSS   Vulnerabilities for 'Fx-app'   RSS

2007-02-14
 
CVE-2006-7023

CWE-Other
 

 
Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6) a menu item.

 
 
CVE-2006-7022

CWE-Other
 

 
The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe.

 


Copyright 2024, cxsecurity.com

 

Back to Top