Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Nexusphp Security Vulnerabilities

cve
cve

CVE-2017-12655

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action.

6.1CVSS

5.9AI Score

0.001EPSS

2017-08-07 08:29 PM
34
cve
cve

CVE-2017-12680

Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php.

6.1CVSS

5.9AI Score

0.001EPSS

2017-08-18 04:29 PM
31
cve
cve

CVE-2017-12776

SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter.

9.8CVSS

9.9AI Score

0.002EPSS

2017-08-18 05:29 PM
26
cve
cve

CVE-2017-12777

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.

6.1CVSS

5.9AI Score

0.001EPSS

2017-08-09 09:29 PM
25
cve
cve

CVE-2017-12792

Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php.

6.1CVSS

6.5AI Score

0.001EPSS

2017-10-03 01:29 AM
27
cve
cve

CVE-2017-12798

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php.

6.1CVSS

5.9AI Score

0.001EPSS

2017-08-10 06:29 PM
33
cve
cve

CVE-2017-12838

Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors.

8.8CVSS

8.7AI Score

0.002EPSS

2017-09-07 01:29 PM
30
cve
cve

CVE-2017-12906

Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php.

6.1CVSS

6AI Score

0.001EPSS

2017-09-07 01:29 PM
34
cve
cve

CVE-2017-12907

Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.

6.1CVSS

5.9AI Score

0.001EPSS

2017-08-17 08:29 PM
28
cve
cve

CVE-2017-12908

SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter.

9.8CVSS

9.9AI Score

0.002EPSS

2017-08-17 08:29 PM
35
cve
cve

CVE-2017-12909

SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.

9.8CVSS

9.9AI Score

0.002EPSS

2017-08-17 08:29 PM
30
cve
cve

CVE-2017-12910

SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter.

9.8CVSS

9.9AI Score

0.002EPSS

2017-08-17 08:29 PM
29
cve
cve

CVE-2017-14347

NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action.

6.1CVSS

5.9AI Score

0.001EPSS

2017-09-12 07:29 PM
25
cve
cve

CVE-2017-14512

NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981.

9.8CVSS

9.9AI Score

0.002EPSS

2017-09-17 09:29 PM
28
cve
cve

CVE-2017-14534

Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF.

6.1CVSS

5.9AI Score

0.001EPSS

2017-09-18 04:29 AM
27
cve
cve

CVE-2017-15305

XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php.

6.1CVSS

5.9AI Score

0.001EPSS

2017-10-15 03:29 AM
31