Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-5816 | 1 Contentcustomizer | 1 Contentcustomizer | 2008-11-14 | 5.0 MEDIUM | N/A |
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page. | |||||
CVE-2007-5817 | 1 Contentcustomizer | 1 Contentcustomizer | 2008-09-04 | 4.3 MEDIUM | N/A |
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) and possibly other attacks. |