David Ravenscroft Hithost vulnerabilities
2 known vulnerabilities affecting david_ravenscroft/hithost.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM1LOW1
Vulnerabilities
Page 1 of 1
CVE-2006-1144P4LOWCVSS 2.6PoCv1.0.02006-03-10
CVE-2006-1144 [LOW] CVE-2006-1144: Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows remote attackers to inject arbitrar
Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows remote attackers to inject arbitrary web script or HTML via (1) the user parameter in deleteuser.php and (2) the hits parameter in viewuser.php.
nvd
CVE-2006-1235P4MEDIUMCVSS 5.0v1.0.02006-03-14
CVE-2006-1235 [MEDIUM] CVE-2006-1235: Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attack
Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable. NOTE: the initial disclosure for this issue indicated that the researcher was unable to prove this issue; however, this might have been due to certain behaviors of rmdir.
nvd