Scriptsez: Security Vulnerabilities
Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt.
CVSS Score
7.5
EPSS Score
0.044
Published
2007-01-26
Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone Manager allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in player.php and (2) keyword parameter when performing a search.
CVSS Score
4.3
EPSS Score
0.007
Published
2006-06-13
Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook.
CVSS Score
4.3
EPSS Score
0.005
Published
2006-05-05
Page 3