CVE-2022-46889

A persistent cross-site scripting XSS vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php...

CVE-2022-46887

Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php...

CVE-2017-14076

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action...

CVE-2017-12909

SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter...

CVE-2017-12655

Cross-Site Scripting XSS exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action...

Cross-Site Scripting Vulnerability in NexusPHPV1.5 (Current Version)

NexusPHPV1.5 is a system that is used by pt stations in China. NexusPHPV1.5 current version has a cross-site scripting vulnerability. Attackers can use this vulnerability to insert special cross-site code in the message, comment, private message and other pages, the user clicks on the cross-site...