Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_query parameter to search.php or (2) tag parameter to tags.php.
5.8AI Score
0.006EPSS
Multiple SQL injection vulnerabilities in Gregarius 0.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) folder parameter to feed.php or (2) rss_query parameter to search.php.
8.5AI Score
0.006EPSS
SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action.
8.4AI Score
0.003EPSS