Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field.
Max CVSS
3.5
EPSS Score
0.09%
Published
2009-08-21
Updated
2017-08-17
PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.
Max CVSS
9.3
EPSS Score
20.08%
Published
2008-11-19
Updated
2017-09-29
2 vulnerabilities found