Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field.
CVSS Score
3.5
EPSS Score
0.002
Published
2009-08-21
PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.
CVSS Score
9.3
EPSS Score
0.015
Published
2008-11-19