| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-4985 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Grayscale BandSite CMS allow remote attackers to inject arbitrary web script or HTML via (1) the max_file_size_purdy parameter in adminpanel/includes/helpfiles/help_mp3.php, (2) the message_text
|
17-10-2018 - 21:40 | 26-09-2006 - 02:07 | |
| CVE-2008-7057 | 4.3 |
Cross-site scripting (XSS) vulnerability in merchandise.php in BandSite CMS 1.1.4 allows remote attackers to inject arbitrary HTML or web script via the type parameter.
|
29-09-2017 - 01:33 | 24-08-2009 - 19:30 | |
| CVE-2008-7056 | 5.0 |
BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request.
|
29-09-2017 - 01:33 | 24-08-2009 - 19:30 | |
| CVE-2009-4793 | 6.0 |
Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension via an addphotos action to admi
|
19-09-2017 - 01:30 | 22-04-2010 - 14:30 | |
| CVE-2009-4792 | 7.5 |
SQL injection vulnerability in includes/content/member_content.php in BandSite CMS 1.1.4 allows remote attackers to execute arbitrary SQL commands via the memid parameter to members.php.
|
19-09-2017 - 01:30 | 22-04-2010 - 14:30 |