Andrey Cherezov » Acweb : Security Vulnerabilities, CVEs, CVSS score >= 4
acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2.
Max CVSS
7.8
EPSS Score
0.21%
Published
2002-12-31
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows remote attackers to insert arbitrary HTML and web script via a URL, possibly via a "%db" request in a URL.
Max CVSS
4.3
EPSS Score
0.32%
Published
2002-12-31
Updated
2008-09-10
2 vulnerabilities found