Habariproject Habari vulnerabilities
2 known vulnerabilities affecting habariproject/habari.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
MEDIUM1LOW1
Vulnerabilities
Page 1 of 1
CVE-2010-4608P4MEDIUMCVSS 5.0PoCv0.6.52010-12-29
CVE-2010-4608 [MEDIUM] CWE-200 CVE-2010-4608: Habari 0.6.5 allows remote attackers to obtain sensitive information via a direct request to (1) hea
Habari 0.6.5 allows remote attackers to obtain sensitive information via a direct request to (1) header.php and (2) comments_items.php in system/admin/, which reveals the installation path in an error message.
nvd
CVE-2010-4607P4LOWCVSS 2.6PoCv0.6.52010-12-29
CVE-2010-4607 [LOW] CWE-79 CVE-2010-4607: Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enable
Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third par
nvd