Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp.
Max CVSS
4.3
EPSS Score
0.51%
Published
2007-05-29
Updated
2018-10-16
SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
Max CVSS
7.5
EPSS Score
0.25%
Published
2007-01-09
Updated
2017-10-19
2 vulnerabilities found