Lucene search
K

254 matches found

CVE
CVE
added 2017/09/18 4:0 a.m.49 views

CVE-2017-14534

NVD and multiple public feeds confirm CVE-2017-14534 affects NexusPHP 1.5.beta5.20120707. The vulnerability is a Cross Site Scripting (XSS) flaw exploitable via PATH_INFO to location.php, related to PHP_SELF. Impact is limited to partial integrity impact with no confidentiality/availability effec...

6.1CVSS5.9AI score0.00669EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2017/09/17 9:29 p.m.15 views

Sql injection

NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981...

7.5CVSS9.8AI score0.01161EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2017/09/17 9:29 p.m.3 views

CVE-2017-14512

NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981...

9.8CVSS5.8AI score0.01097EPSS
Exploits1References1
NVD
NVD
added 2017/09/17 9:29 p.m.21 views

CVE-2017-14512

NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981...

9.8CVSS9.9AI score0.01097EPSS
Exploits1References1
CVE
CVE
added 2017/09/17 9:0 p.m.51 views

CVE-2017-14512

NexusPHP 1.5.beta5.20120707 is affected by SQL injection in forummanage.php. The vulnerability, associated with the sort parameter in forum-management actions (including addforum/editforum), allows remote data access. Public sources (CNVD/CNVD CNVD-2017-27285 and related CVE entries) describe the...

9.8CVSS9.9AI score0.01097EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2017/09/17 9:0 p.m.25 views

CVE-2017-14512

NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981...

9.9AI score0.01097EPSS
Exploits1References1
CNVD
CNVD
added 2017/09/13 12:0 a.m.2 views

NexusPHP Cross-Site Scripting Vulnerability (CNVD-2017-30114)

NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP version 1.5.beta5.20120707. A remote attacker can exploit this vulnerability by sending the 'returnto' parameter to the fun.php file durin...

6.1CVSS6.1AI score0.00683EPSS
Exploits1References1
NVD
NVD
added 2017/09/12 7:29 p.m.15 views

CVE-2017-14347

NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action...

6.1CVSS6AI score0.00683EPSS
Exploits1References1
OSV
OSV
added 2017/09/12 7:29 p.m.4 views

CVE-2017-14347

NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action...

6.1CVSS5.8AI score0.00683EPSS
Exploits1References1
Prion
Prion
added 2017/09/12 7:29 p.m.20 views

Design/Logic Flaw

NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action...

4.3CVSS5.9AI score0.00683EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2017/09/12 7:0 p.m.24 views

CVE-2017-14347

NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action...

6AI score0.00683EPSS
Exploits1References1
CVE
CVE
added 2017/09/12 7:0 p.m.46 views

CVE-2017-14347

NexusPHP 1.5.beta5.20120707 is affected by an XSS vulnerability in the returnto parameter of fun.php during a delete action. Descriptions in CVE records and CNVD/NVD references indicate the issue allows script injection in NexusPHP’s admin-facing flow, with CNVD noting potential to obtain the adm...

6.1CVSS5.9AI score0.00683EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2017/09/08 12:0 a.m.4 views

NexusPHP Cross-Site Request Forgery Vulnerability

NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP version 1.5. A remote attacker can exploit the vulnerability to send manas or add administrator accounts...

8.8CVSS8.4AI score0.0056EPSS
Exploits1References1
CNVD
CNVD
added 2017/09/08 12:0 a.m.3 views

NexusPHP Cross-Site Scripting Vulnerability (CNVD-2017-30100)

NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP. A remote attacker can exploit this vulnerability by sending PATHINFO to the cheaters.php or confirmresend.php file to inject arbitrary we...

6.1CVSS6.1AI score0.00818EPSS
Exploits1References1
NVD
NVD
added 2017/09/07 1:29 p.m.18 views

CVE-2017-12906

Multiple cross-site scripting XSS vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 cheaters.php or 2 confirmresend.php...

6.1CVSS6.1AI score0.00818EPSS
Exploits1References2
Prion
Prion
added 2017/09/07 1:29 p.m.14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 cheaters.php or 2 confirmresend.php...

4.3CVSS6AI score0.00818EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2017/09/07 1:29 p.m.6 views

CVE-2017-12906

Multiple cross-site scripting XSS vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 cheaters.php or 2 confirmresend.php...

6.1CVSS5.8AI score0.00818EPSS
Exploits1References2
Prion
Prion
added 2017/09/07 1:29 p.m.13 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that 1 send manas via a request to mybonus.php or 2 add administrators via unspecified vectors...

6.8CVSS8.7AI score0.0056EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2017/09/07 1:29 p.m.4 views

CVE-2017-12838

Cross-site request forgery CSRF vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that 1 send manas via a request to mybonus.php or 2 add administrators via unspecified vectors...

8.8CVSS5.8AI score0.0056EPSS
Exploits1References1
NVD
NVD
added 2017/09/07 1:29 p.m.18 views

CVE-2017-12838

Cross-site request forgery CSRF vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that 1 send manas via a request to mybonus.php or 2 add administrators via unspecified vectors...

8.8CVSS8.8AI score0.0056EPSS
Exploits1References1
Rows per page
Query Builder