Daverave: Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in iframe.php in daverave Link Bank allows remote attackers to inject arbitrary web script or HTML via the site parameter.
CVSS Score
4.3
EPSS Score
0.006
Published
2006-03-14
Direct static code injection vulnerability in add_link.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the url_name parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement.
CVSS Score
7.5
EPSS Score
0.014
Published
2006-03-14