D2ksoft: Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVSS Score
6.8
EPSS Score
0.021
Published
2006-03-09
SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the memName parameter in a cookie.
CVSS Score
10.0
EPSS Score
0.022
Published
2006-03-09