Vulnerabilities (CVE)

Filtered by vendor Mephisto Subscribe
Filtered by product Mephisto
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1873 1 Mephisto 1 Mephisto 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script.
CVE-2007-1768 1 Mephisto 2 Mephisto, Mephisto Edge 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in app/helpers/application_helper.rb in Mephisto 0.7.3 and Mephisto Edge 20070325 allows remote attackers to inject arbitrary web script or HTML via the author name field in a comment.