Emedia Office Gmbh: >> Cuteflow >> 2.10.0 Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 and 2.10.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) page/showcirculation.php; and (2) edittemplate_step2.php, (3) showfields.php, (4) showuser.php, (5) editmailinglist_step1.php, and (6) showtemplates.php in pages/.
CVSS Score
4.3
EPSS Score
0.003
Published
2008-04-02
SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 allows remote attackers to execute arbitrary SQL commands via the UserId parameter, related to the login form field in index.php.
CVSS Score
7.5
EPSS Score
0.004
Published
2008-04-02