Filtered by vendor Easy Address Book Web Server Project
Subscribe
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4493 | 1 Easy Address Book Web Server Project | 1 Easy Address Book Web Server | 2024-11-21 | N/A | 6.1 MEDIUM |
| Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact. | |||||
| CVE-2023-4492 | 1 Easy Address Book Web Server Project | 1 Easy Address Book Web Server | 2024-11-21 | N/A | 6.1 MEDIUM |
| Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to run when the application is loaded | |||||
| CVE-2023-4491 | 1 Easy Address Book Web Server Project | 1 Easy Address Book Web Server | 2024-11-21 | N/A | 9.8 CRITICAL |
| Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the remote machine. | |||||