Pixie Security Vulnerabilities


CVE-2011-4710

Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default...

AI Score: 10

EPSS: 0.001

2022-10-03 04:15 PM

CVE-2011-3793

Pixie 1.04 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/modules/static.php and certain other...

AI Score: 6.3

EPSS: 0.002

2022-10-03 04:15 PM

CVE-2019-10766

Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() function due to improper...

CVSS: 9.8

AI Score: 9.8

EPSS: 0.002

2019-11-19 08:15 PM

CVE-2017-12905

Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to...

CVSS: 10

AI Score: 9.5

EPSS: 0.009

2017-09-25 05:29 PM

CVE-2017-7402

Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of...

CVSS: 9.8

AI Score: 9.3

EPSS: 0.027

2017-04-03 05:59 PM

CVE-2017-7363

Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS...

CVSS: 6.1

AI Score: 5.9

EPSS: 0.001

2017-03-31 04:59 AM

CVE-2017-7360

Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS...

CVSS: 6.1

AI Score: 5.9

EPSS: 0.001

2017-03-31 04:59 AM

CVE-2017-7361

Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS...

CVSS: 6.1

AI Score: 5.9

EPSS: 0.001

2017-03-31 04:59 AM

CVE-2017-7359

Pixie 1.0.4 allows an admin/index.php s=login&m= XSS...

CVSS: 6.1

AI Score: 5.9

EPSS: 0.001

2017-03-31 04:59 AM

CVE-2017-7362

Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS...

CVSS: 6.1

AI Score: 5.9

EPSS: 0.001

2017-03-31 04:59 AM

CVE-2014-3786

Multiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1) uemail or (2) subject parameter in the Contact form to...

AI Score: 5.9

EPSS: 0.002

2014-06-04 02:55 PM

CVE-2009-1065

SQL injection vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the x parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

AI Score: 8.3

EPSS: 0.001

2009-03-26 05:51 AM

CVE-2009-1066

SQL injection vulnerability in the referral function in admin/lib/lib_logs.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a...

AI Score: 8.6

EPSS: 0.006

2009-03-26 05:51 AM

CVE-2009-1067

Cross-site scripting (XSS) vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to inject arbitrary web script or HTML via the x...

AI Score: 5.9

EPSS: 0.006

2009-03-26 05:51 AM