CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Opendb: >> Opendb >> 1.0.6 Security Vulnerabilities

CVE-2008-3937

Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php.

CVSS Score

6.1

EPSS Score

0.002

Published

2008-09-05

CVE-2008-3938

Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action.

CVSS Score

8.8

EPSS Score

0.003

Published

2008-09-05

Page 1

Vulnerabilities

Vulnerable Software

Opendb: >> Opendb >> 1.0.6 Security Vulnerabilities

Products

Pricing

Contact Us