Vulnerabilities (CVE)

Filtered by vendor Livestreet Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-3261 1 Livestreet 1 Livestreet 2024-11-21 7.5 HIGH N/A
update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require administrative authentication, which allows remote attackers to perform DROP TABLE operations via unspecified vectors.
CVE-2009-3260 1 Livestreet 1 Livestreet 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the header of the topic in a comment.
CVE-2009-3256 1 Livestreet 1 Livestreet 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the URI, as demonstrated by a SCRIPT element in an arbitrary parameter such as the asd parameter.