Interact
Products
1- 11 CVEs
Recent CVEs
11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-41103 | Med | 0.35 | 5.4 | 0.00 | Sep 11, 2023 | Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload. | ||
| CVE-2008-3384 | 0.03 | — | 0.03 | Jul 30, 2008 | Multiple directory traversal vulnerabilities in help/help.php in Interact Learning Community Environment Interact 2.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) module and (2) file parameters. | |||
| CVE-2008-2220 | 0.03 | — | 0.02 | May 14, 2008 | Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[LANGUAGE_CPATH] parameter to… | |||
| CVE-2006-4448 | 0.03 | — | 0.03 | Aug 30, 2006 | Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[BASE_PATH] parameter in (a) admin/autoprompter.php and (b) includes/common.inc.php, and the (2)… | |||
| CVE-2008-3868 | 0.00 | — | 0.01 | Nov 3, 2008 | Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts. | |||
| CVE-2008-3867 | 0.00 | — | 0.01 | Nov 3, 2008 | SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the email_user_key parameter. | |||
| CVE-2007-4177 | 0.00 | — | 0.01 | Aug 8, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-3328. | |||
| CVE-2007-3328 | 0.00 | — | 0.02 | Jun 21, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f)… | |||
| CVE-2006-1644 | 0.00 | — | 0.01 | Apr 6, 2006 | login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2006-1642 | 0.00 | — | 0.01 | Apr 6, 2006 | Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to… | |||
| CVE-2006-1643 | 0.00 | — | 0.01 | Apr 6, 2006 | SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party. |
- risk 0.35cvss 5.4epss 0.00
Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload.
- CVE-2008-3384Jul 30, 2008risk 0.03cvss —epss 0.03
Multiple directory traversal vulnerabilities in help/help.php in Interact Learning Community Environment Interact 2.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) module and (2) file parameters.
- CVE-2008-2220May 14, 2008risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[LANGUAGE_CPATH] parameter to…
- CVE-2006-4448Aug 30, 2006risk 0.03cvss —epss 0.03
Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[BASE_PATH] parameter in (a) admin/autoprompter.php and (b) includes/common.inc.php, and the (2)…
- CVE-2008-3868Nov 3, 2008risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts.
- CVE-2008-3867Nov 3, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the email_user_key parameter.
- CVE-2007-4177Aug 8, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-3328.
- CVE-2007-3328Jun 21, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f)…
- CVE-2006-1644Apr 6, 2006risk 0.00cvss —epss 0.01
login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2006-1642Apr 6, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to…
- CVE-2006-1643Apr 6, 2006risk 0.00cvss —epss 0.01
SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party.