Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download.

Cross Site Scripting (XSS) vulnerabililty in WebPort <=1.19.1 via the description parameter to script/listcalls.

SQL Injection vulnerability in WebPort <=1.19.1 via the new connection, parameter name in type-conn.

Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1via the connection name parameter in type-conn.

Directory Traversal vulnerability in WebPort <=1.19.1 in tags of system settings.

WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the "connections" feature.

Web Port 1.19.1 allows XSS via the /log type parameter.

Web Port 1.19.1 allows XSS via the /access/setup type parameter.

Multiple SQL injection vulnerabilities in forum.asp in MaxWebPortal allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID or (2) CAT_ID parameter. NOTE: this might overlap CVE-2005-1417.

PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS 0.8-beta allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter.