Webgui: Security Vulnerabilities
The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL.
CVSS Score
9.3
EPSS Score
0.04
Published
2008-10-30
RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data).
CVSS Score
5.0
EPSS Score
0.004
Published
2008-08-06
Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407.
CVSS Score
4.3
EPSS Score
0.003
Published
2008-02-25