Directtopics: Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 allows remote attackers to inject arbitrary web script via a javascript: URL in (1) a thread or (2) an IMG tag.
CVSS Score
4.3
EPSS Score
0.003
Published
2005-05-14
SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2005-05-12
topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to obtain sensitive information via an invalid topic parameter, which reveals the path in an error message.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-05-12