Gossamer Threads: Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer Threads Links SQL 2.x and 3.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVSS Score
4.3
EPSS Score
0.019
Published
2005-05-11
The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter.
CVSS Score
6.4
EPSS Score
0.034
Published
2000-05-05