VYPR

Topsites

by Aardvark

CVEs (2)

  • CVE-2010-4097Oct 27, 2010
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Aardvark Topsites PHP 5.2.0 and 5.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) title, (3) u, and (4) url parameters. NOTE: the q parameter is already covered by…

  • CVE-2009-2304Jul 2, 2009
    risk 0.00cvss epss 0.01

    index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message.