Greymatter: Security Vulnerabilities
gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users with upload privileges to execute arbitrary programs by uploading files to locations within the web root. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
6.5
EPSS Score
0.011
Published
2006-03-29
Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary web script or HTML via a post comment, which is recorded in a log file but not properly handled when the administrator uses "View Control Panel Log" to read the log file.
CVSS Score
4.3
EPSS Score
0.003
Published
2005-09-07