VYPR

D2 Shoutbox

by D2 Shoutbox

CVEs (3)

  • CVE-2007-4330Aug 14, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.

  • CVE-2006-1153Mar 10, 2006
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB).

  • CVE-2007-5948Nov 14, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shout (aka Shout) parameters.