CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

254 matches found

CNNVD•added 2022/03/30 12:0 a.m.•4 views

NexusPHP SQL注入漏洞

NexusPHP is a free and open source complete solution for building PT websites. NexusPHP version 1.5 is vulnerable to SQL injection, which can be exploited by remote attackers to execute arbitrary SQL commands via the classes parameter...

9.8CVSS6.3AI score0.01932EPSS

Exploits1References4

CNNVD•added 2022/03/30 12:0 a.m.•2 views

NexusPHP 安全漏洞

NexusPHP is a free and open source complete PT site building solution. NexusPHP is vulnerable to an access control error that could be exploited by attackers to access published content...

7.5CVSS5.5AI score0.02015EPSS

Exploits1References4

CNVD•added 2018/05/24 12:0 a.m.•4 views

NexusPHP Cross-Site Request Forgery Vulnerability (CNVD-2018-10475)

NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. Multiple cross-site request forgery vulnerabilities exist in NexusPHP version 1.5. A remote attacker can exploit this vulnerability to perform unauthorized operations with the help of 'linkname'...

6.1CVSS7.1AI score0.01212EPSS

Exploits1References1

CNVD•added 2017/10/16 12:0 a.m.•4 views

NexusPHP Cross-Site Scripting Vulnerability (CNVD-2017-32401)

NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP version 1.5. A remote attacker can exploit this vulnerability by sending the 'keyword' parameter to the messages.php file to obtain the...

6.1CVSS6.1AI score0.00892EPSS

Exploits1References1

OSV•added 2017/10/15 3:29 a.m.•3 views

CVE-2017-15305

XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php...

6.1CVSS5.8AI score0.00892EPSS

Exploits1References2

Prion•added 2017/10/15 3:29 a.m.•15 views

Cross site scripting

XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php...

4.3CVSS5.9AI score0.00892EPSS

Exploits1References2Affected Software1

NVD•added 2017/10/15 3:29 a.m.•21 views

CVE-2017-15305

XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php...

6.1CVSS6AI score0.00892EPSS

Exploits1References2

Cvelist•added 2017/10/15 3:0 a.m.•31 views

CVE-2017-15305

XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php...

6AI score0.00892EPSS

Exploits1References2

CVE•added 2017/10/15 3:0 a.m.•51 views

CVE-2017-15305

The CVE-2017-15305 entry describes a cross-site scripting (XSS) vulnerability in NexusPHP 1.5 exploitable via the keyword parameter to messages.php. Multiple connected records (CNVD-2017-32401, RH:CVE-2017-15305, NVD/CVE-2017-15305, PRION/CVE-2017-15305, CVELIST/CVE-2017-15305) corroborate an XSS...

6.1CVSS5.9AI score0.00892EPSS

Exploits1References2Affected Software1

OSV•added 2017/10/03 1:29 a.m.•4 views

CVE-2017-12792

Multiple cross-site request forgery CSRF vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 linkname, 2 url, or 3 title parameter in an add action to linksmanage.php...

6.1CVSS5.8AI score0.01212EPSS

Exploits1References1

NVD•added 2017/10/03 1:29 a.m.•17 views

CVE-2017-12792

6.1CVSS6.6AI score0.01212EPSS

Exploits1References1

Prion•added 2017/10/03 1:29 a.m.•15 views

Cross site request forgery (csrf)

4.3CVSS6.6AI score0.01212EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2017/10/03 1:29 a.m.•3 views

CVE-2017-12792

6.1CVSS5.2AI score0.01212EPSS

Exploits1References2

Cvelist•added 2017/10/02 2:0 p.m.•23 views

CVE-2017-12792

6.6AI score0.01212EPSS

Exploits1References1

CVE•added 2017/10/02 2:0 p.m.•50 views

CVE-2017-12792

CVE-2017-12792 affects NexusPHP 1.5. Multiple CSRF vulnerabilities enable remote attackers to hijack administrator sessions by issuing requests that trigger XSS via the linkname, url, or title parameters in an add action to linksmanage.php. Root cause: CSRF in NexusPHP 1.5; impact stated as hijac...

6.1CVSS6.5AI score0.01212EPSS

Exploits1References1Affected Software1

CNVD•added 2017/09/19 12:0 a.m.•3 views

NexusPHP Cross-Site Scripting Vulnerability (CNVD-2017-27604)

NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP version 1.5.beta5.20120707. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6.1AI score0.00669EPSS

Exploits1References1

Prion•added 2017/09/18 4:29 a.m.•18 views

Cross site scripting

Cross Site Scripting XSS exists in NexusPHP 1.5.beta5.20120707 via the PATHINFO to location.php, related to PHPSELF...

4.3CVSS6AI score0.00669EPSS

Exploits1References1Affected Software1

OSV•added 2017/09/18 4:29 a.m.•6 views

CVE-2017-14534

Cross Site Scripting XSS exists in NexusPHP 1.5.beta5.20120707 via the PATHINFO to location.php, related to PHPSELF...

6.1CVSS5.8AI score0.00669EPSS

Exploits1References1