Max CVSS 7.5 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2007-1236 6.4
sitex allows remote attackers to obtain sensitive information via a request with a numerical value for the (1) sxMonth[] or (2) sxYear[] parameter to calendar.php, or the (3) page[] parameter to calendar_events.php, which reveals the path in various
16-10-2018 - 16:37 03-03-2007 - 19:19
CVE-2007-1234 4.3
Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php,
16-10-2018 - 16:37 03-03-2007 - 19:19
CVE-2007-1235 7.5
Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file.
16-10-2018 - 16:37 03-03-2007 - 19:19
CVE-2007-1237 5.0
sitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error.
16-10-2018 - 16:37 03-03-2007 - 19:19
Back to Top Mark selected
Back to Top