Phpbugtracker
Monthly
Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.