254 matches found
CVE-2017-14534
NVD and multiple public feeds confirm CVE-2017-14534 affects NexusPHP 1.5.beta5.20120707. The vulnerability is a Cross Site Scripting (XSS) flaw exploitable via PATH_INFO to location.php, related to PHP_SELF. Impact is limited to partial integrity impact with no confidentiality/availability effec...
Sql injection
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981...
CVE-2017-14512
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981...
CVE-2017-14512
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981...
CVE-2017-14512
NexusPHP 1.5.beta5.20120707 is affected by SQL injection in forummanage.php. The vulnerability, associated with the sort parameter in forum-management actions (including addforum/editforum), allows remote data access. Public sources (CNVD/CNVD CNVD-2017-27285 and related CVE entries) describe the...
CVE-2017-14512
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981...
NexusPHP Cross-Site Scripting Vulnerability (CNVD-2017-30114)
NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP version 1.5.beta5.20120707. A remote attacker can exploit this vulnerability by sending the 'returnto' parameter to the fun.php file durin...
CVE-2017-14347
NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action...
CVE-2017-14347
NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action...
Design/Logic Flaw
NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action...
CVE-2017-14347
NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action...
CVE-2017-14347
NexusPHP 1.5.beta5.20120707 is affected by an XSS vulnerability in the returnto parameter of fun.php during a delete action. Descriptions in CVE records and CNVD/NVD references indicate the issue allows script injection in NexusPHP’s admin-facing flow, with CNVD noting potential to obtain the adm...
NexusPHP Cross-Site Request Forgery Vulnerability
NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP version 1.5. A remote attacker can exploit the vulnerability to send manas or add administrator accounts...
NexusPHP Cross-Site Scripting Vulnerability (CNVD-2017-30100)
NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP. A remote attacker can exploit this vulnerability by sending PATHINFO to the cheaters.php or confirmresend.php file to inject arbitrary we...
CVE-2017-12906
Multiple cross-site scripting XSS vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 cheaters.php or 2 confirmresend.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 cheaters.php or 2 confirmresend.php...
CVE-2017-12906
Multiple cross-site scripting XSS vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 cheaters.php or 2 confirmresend.php...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that 1 send manas via a request to mybonus.php or 2 add administrators via unspecified vectors...
CVE-2017-12838
Cross-site request forgery CSRF vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that 1 send manas via a request to mybonus.php or 2 add administrators via unspecified vectors...
CVE-2017-12838
Cross-site request forgery CSRF vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that 1 send manas via a request to mybonus.php or 2 add administrators via unspecified vectors...