SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter.
CVSS Score
7.5
EPSS Score
0.002
Published
2009-02-19
Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter.
CVSS Score
4.3
EPSS Score
0.005
Published
2007-10-05