Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php.
Max CVSS
4.3
EPSS Score
0.20%
Published
2014-03-11
Updated
2017-08-29
SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter.
Max CVSS
7.5
EPSS Score
0.35%
Published
2012-01-24
Updated
2017-08-29
Batavi before 1.0 has CSRF.
Max CVSS
8.8
EPSS Score
0.10%
Published
2020-02-05
Updated
2020-02-07
3 vulnerabilities found