Filtered by vendor Bitweaver
Subscriptions
Total
32 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3104 | 1 Bitweaver | 1 Bitweaver | 2025-04-03 | N/A |
| users/index.php in Bitweaver 1.3 allows remote attackers to obtain sensitive information via an invalid sort_mode parameter, which reveals the installation path and database information in the resultant error message. | ||||
| CVE-2006-3105 | 1 Bitweaver | 1 Bitweaver | 2025-04-03 | N/A |
| CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks by via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php. | ||||
| CVE-2021-29033 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/edit_group.php URI. | ||||
| CVE-2021-29032 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/preferences.php URI. | ||||
| CVE-2021-29031 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/users_import.php URI. | ||||
| CVE-2021-29030 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI. | ||||
| CVE-2021-29029 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/edit_personal_page.php URI. | ||||
| CVE-2021-29028 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/user_activity.php URI. | ||||
| CVE-2021-29027 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI. | ||||
| CVE-2021-29026 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/permissions.php URI. | ||||
| CVE-2021-29025 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/my_images.php URI. | ||||
| CVE-2012-5193 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter. | ||||