Avatic: >> Aardvark Topsites Php >> 5.2.0 Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Aardvark Topsites PHP 5.2.0 and 5.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) title, (3) u, and (4) url parameters. NOTE: the q parameter is already covered by CVE-2009-2302.
CVSS Score
4.3
EPSS Score
0.003
Published
2010-10-27
index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message.
CVSS Score
5.0
EPSS Score
0.003
Published
2009-07-02