4homepages: >> 4images >> 1.0 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat_description parameter in an updatecat action to admin/categories.php.
CVSS Score
4.3
EPSS Score
0.002
Published
2015-10-05
Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture.
CVSS Score
3.5
EPSS Score
0.01
Published
2009-06-19
Directory traversal vulnerability in global.php in 4images before 1.7.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter.
CVSS Score
6.8
EPSS Score
0.013
Published
2009-06-19