Vulnerabilities (CVE)

Filtered by vendor Contentcustomizer Subscribe
Filtered by product Contentcustomizer
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-5817 1 Contentcustomizer 1 Contentcustomizer 2024-11-21 4.3 MEDIUM N/A
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) and possibly other attacks.
CVE-2007-5816 1 Contentcustomizer 1 Contentcustomizer 2024-11-21 5.0 MEDIUM N/A
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page.