Clever Copy: >> Clever Copy >> 23.0 Security Vulnerabilities
Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc.
CVSS Score
5.0
EPSS Score
0.05
Published
2006-04-11
Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and 3.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Referer or (2) X-Forwarded-For headers in an HTTP request, which are not properly handled when the administrator accesses Site Stats.
CVSS Score
4.3
EPSS Score
0.006
Published
2006-02-09