| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2004-2200 | 4.3 |
Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via via the message text.
|
11-07-2017 - 01:31 | 31-12-2004 - 05:00 | |
| CVE-2004-2198 | 6.4 |
account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page.
|
11-07-2017 - 01:31 | 31-12-2004 - 05:00 | |
| CVE-2004-2201 | 7.5 |
SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form.
|
11-07-2017 - 01:31 | 31-12-2004 - 05:00 | |
| CVE-2004-2202 | 7.5 |
Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp,
|
11-07-2017 - 01:31 | 31-12-2004 - 05:00 | |
| CVE-2004-2199 | 4.3 |
Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text.
|
11-07-2017 - 01:31 | 31-12-2004 - 05:00 |