Vulnerabilities (CVE)

Filtered by vendor Emedia Office Gmbh Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-1631 1 Emedia Office Gmbh 1 Cuteflow 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 allows remote attackers to execute arbitrary SQL commands via the UserId parameter, related to the login form field in index.php.
CVE-2008-1630 1 Emedia Office Gmbh 1 Cuteflow 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 and 2.10.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) page/showcirculation.php; and (2) edittemplate_step2.php, (3) showfields.php, (4) showuser.php, (5) editmailinglist_step1.php, and (6) showtemplates.php in pages/.
CVE-2008-1632 1 Emedia Office Gmbh 1 Cuteflow 2024-02-04 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) listid parameter to pages/editmailinglist_step1.php, the (2) userid parameter to pages/edituser.php, the (3) fieldid parameter to pages/editfield.php, and the (4) templateid to pages/edittemplate_step1.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.