Thyme

CVEs (4)

CVE	Risk	CVSS	EPSS	Published	Description
CVE-2008-6404	0.03	—	0.00	Mar 6, 2009	Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
CVE-2009-0535	0.03	—	0.03	Feb 11, 2009	Directory traversal vulnerability in export.php in Thyme 1.3 and earlier, when register_globals is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the export_to parameter.
CVE-2008-4459	0.03	—	0.00	Oct 7, 2008	SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter. NOTE: some of these details are obtained from third party information.
CVE-2006-2117	0.00	—	0.01	May 1, 2006	Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page.

CVE-2008-6404Mar 6, 2009
risk 0.03cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
CVE-2009-0535Feb 11, 2009
risk 0.03cvss —epss 0.03
Directory traversal vulnerability in export.php in Thyme 1.3 and earlier, when register_globals is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the export_to parameter.
CVE-2008-4459Oct 7, 2008
risk 0.03cvss —epss 0.00
SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter. NOTE: some of these details are obtained from third party information.
CVE-2006-2117May 1, 2006
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page.