Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element.
4.8CVSS
4.8AI Score
0.001EPSS
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.
6.8CVSS
6.6AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php.
4.8CVSS
4.8AI Score
0.001EPSS
A Cross Site Scripting vulnerabilty exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php
4.8CVSS
5AI Score
0.001EPSS
A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new
4.8CVSS
4.9AI Score
0.001EPSS
A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme.
7.2CVSS
7.2AI Score
0.003EPSS