ByteOS Network

ablespace

Source -

NVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

3Vulnerabilities found

CVE-2009-1315

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-3.52% / 87.17%

7 Day CHG~0.00%

Published-17 Apr, 2009 | 10:00

Updated-07 Aug, 2024 | 05:04

Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter to groups_profile.php, (2) cat_id and (3) razd_id parameters to adv_cat.php, and the (4) URL to blogs_full.php.

Vendor-abk-soft n/a

Product-ablespace n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-1316

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.17% / 39.00%

7 Day CHG~0.00%

Published-17 Apr, 2009 | 10:00

Updated-07 Aug, 2024 | 05:04

Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to events_view.php and the (2) id parameter to events_clndr_view.php.

Vendor-abk-soft n/a

Product-ablespace n/a

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2008-2491

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.27% / 49.78%

7 Day CHG~0.00%

Published-28 May, 2008 | 15:00

Updated-07 Aug, 2024 | 09:05

SQL injection vulnerability in adv_cat.php in AbleSpace 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

Vendor-hotscripts n/a

Product-ablespace n/a

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')