Open Source Development Network: >> Slashcode >> 2.2.3 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in Slashcode CVS releases June 17 through July 1 2002 allows remote attackers to execute arbitrary script as other users by injecting script into the paragraph <P> tag.
CVSS Score
6.8
EPSS Score
0.009
Published
2002-12-31
Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field.
CVSS Score
2.6
EPSS Score
0.004
Published
2002-05-31