CVEDB API

Vulnerabilities

Vulnerable Software

Manic Web: Security Vulnerabilities

CVE-2006-1979

Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web MWGuest 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter.

CVSS Score

5.8

EPSS Score

0.032

Published

2006-04-21

CVE-2006-1690

Cross-site scripting (XSS) vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the user_name parameter.

CVSS Score

6.8

EPSS Score

0.017

Published

2006-04-11

CVE-2006-1691

SQL injection vulnerability in MWNewsletter 1.0.0b allows remote attackers to execute arbitrary SQL commands via the user_name parameter to unsubscribe.php.

CVSS Score

7.5

EPSS Score

0.01

Published

2006-04-11

CVE-2006-1692

Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the (1) user_email parameter to (a) unsubscribe.php or (b) subscribe.php; or the (2) user_name parameter to subscribe.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that this was discovered during post-disclosure analysis.

CVSS Score

7.5

EPSS Score

0.005

Published

2006-04-11

Page 1

Vulnerabilities

Vulnerable Software

Manic Web: Security Vulnerabilities

Products

Pricing

Contact Us