Vulnerabilities (CVE)

Filtered by vendor Dbninja Subscribe
Filtered by product Dbninja
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-7748 1 Dbninja 1 Dbninja 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
_includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists.
CVE-2019-7747 1 Dbninja 1 Dbninja 2024-11-21 6.8 MEDIUM 9.6 CRITICAL
DbNinja 3.2.7 allows session fixation via the data.php sessid parameter.
CVE-2019-7545 1 Dbninja 1 Dbninja 2024-11-21 3.5 LOW 5.4 MEDIUM
In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field.