VYPR

Ez Poll Hoster

by Scriptsez

CVEs (2)

  • CVE-2009-4385Dec 22, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete polls via the delete_poll action to index.php; and hijack the authentication of…

  • CVE-2009-4384Dec 22, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to inject arbitrary web script or HTML via the (1) pid parameter in a code action to index.php and the (2) uid parameter in a view action to profile.php.