Filtered by vendor Aditus Subscriptions
Filtered by product Jpgraph Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-39165 1 Aditus 1 Jpgraph 2024-11-21 6.8 Medium
QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder.is shipped with the product.
CVE-2009-4422 1 Aditus 1 Jpgraph 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the GetURLArguments function in jpgraph.php in Aditus Consulting JpGraph 3.0.6 allow remote attackers to inject arbitrary web script or HTML via a key to csim_in_html_ex1.php, and other unspecified vectors.