A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter.
Max CVSS
6.1
EPSS Score
0.08%
Published
2022-11-09
Updated
2022-11-09
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter.
Max CVSS
6.1
EPSS Score
0.11%
Published
2021-03-23
Updated
2021-03-24
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter.
Max CVSS
6.1
EPSS Score
0.11%
Published
2021-03-23
Updated
2021-03-24
Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php.
Max CVSS
4.3
EPSS Score
0.25%
Published
2015-01-13
Updated
2018-10-09
ClanSphere 2010.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by mods/board/attachment.php.
Max CVSS
5.0
EPSS Score
0.29%
Published
2011-09-23
Updated
2012-03-13
Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).
Max CVSS
7.5
EPSS Score
0.30%
Published
2010-05-07
Updated
2017-08-17
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!