Simplog: >> Simplog >> 0.9.3.2 Security Vulnerabilities
comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action.
CVSS Score
5.0
EPSS Score
0.033
Published
2009-11-29
Cross-site request forgery (CSRF) vulnerability in user.php in Simplog 0.9.3.2, and possibly earlier, allows remote attackers to hijack the authentication of administrators and users for requests that change passwords.
CVSS Score
6.8
EPSS Score
0.003
Published
2009-11-29
Multiple cross-site scripting (XSS) vulnerabilities in comments.php in Simplog 0.9.3.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cname (Name) or (2) email parameters.
CVSS Score
4.3
EPSS Score
0.021
Published
2009-11-29