Vulnerabilities (CVE)

Filtered by vendor Php Handicapper Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-4712 1 Php Handicapper 1 Php Handicapper 2024-11-21 5.0 MEDIUM N/A
CRLF injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the login parameter. NOTE: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well.
CVE-2005-3496 1 Php Handicapper 1 Php Handicapper 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct.