Lucidcrew Pixie

9 matches found

CVE
added 2017/04/03 5:0 p.m., 57 views

CVE-2017-7402

Pixie 1.0.4 allows remote authenticated arbitrary PHP code execution: a double-extension file (for example, image.jpg.php) uploaded via admin/index.php?s=publish&x=filemanager bypasses the extension checks when Content-Type is image/jpeg. Impact: high/severe (CVSSv3 up to 9.8). Exploit pres...

9.8 CVSS, 9.3 AI score, 0.09321 EPSS
Web

CVE
added 2011/12/08 7:0 p.m., 47 views

CVE-2011-4710

CVE-2011-4710 affects Pixie CMS versions 1.01 through 1.04, where the application is vulnerable to SQL injection via the pixie_user parameter and the Referer HTTP header in requests to the default URI. The underlying root cause is improper input handling that allows remote attackers to execute ar...

7.5 CVSS, 10 AI score, 0.0025 EPSS

CVE
added 2017/03/31 4:26 a.m., 47 views

CVE-2017-7359

Pixie 1.0.4 contains a cross-site scripting (XSS) vulnerability in the CMS via admin/index.php s=login&m=. Root cause: improper input validation/handling. Impact per sources indicates potential script injection; exploitation status is not provided in the docume...

6.1 CVSS, 5.9 AI score, 0.00285 EPSS
Web

CVE
added 2017/03/31 4:26 a.m., 46 views

CVE-2017-7363

Pixie 1.0.4 is affected by a cross-site scripting (XSS) vulnerability in Pixie’s admin/index.php s=publish&m=module&x= flow. The root cause is improper validation of user-submitted input, enabling injection of arbitrary web script/HTML. Impact: potential for session hijacking or defacement as des...

6.1 CVSS, 5.9 AI score, 0.00234 EPSS
Web

CVE
added 2017/03/31 4:26 a.m., 44 views

CVE-2017-7362

The CVE-2017-7362 entry concerns Pixie 1.0.4, where an XSS vulnerability exists in the admin UI via admin/index.php s=publish&m=dynamic&x=, indicating improper input handling. The connected CNVD/NVD/OSV entries corroborate a cross-site scripting vulnerability affecting Pixie 1.0.4; no exact patch...

6.1 CVSS, 5.9 AI score, 0.00234 EPSS
Web

CVE
added 2014/06/04 2:0 p.m., 43 views

CVE-2014-3786

Pixie CMS 1.04’s contact module (admin/modules/contact.php) is affected by multiple POST XSS vulnerabilities via the uemail and subject fields in the contact form. A remote attacker could inject arbitrary web script/HTML, enabling script execution in the victim’s browser on the affected site. The...

4.3 CVSS, 5.9 AI score, 0.00225 EPSS
Web

CVE
added 2017/03/31 4:26 a.m., 43 views

CVE-2017-7360

CVE-2017-7360 affects Pixie 1.0.4. The connected documents identify a cross-site scripting vulnerability in the admin interface, specifically in the admin/index.php s=settings&x= parameter, indicating insufficient input validation in the settings handling path. The impact is an XSS where an attac...

6.1 CVSS, 5.9 AI score, 0.00234 EPSS
Web

CVE
added 2017/03/31 4:26 a.m., 43 views

CVE-2017-7361

Pixie 1.0.4 is affected by a cross-site scripting (XSS) vulnerability exposed via admin/index.php s=publish&m=static&x=. The CNVD entry states Pixie 1.0.4 contains a cross-site scripting flaw due to improper validation of user-submitted input, allowing a remote attacker to inject arbitrary web sc...

6.1 CVSS, 5.9 AI score, 0.00234 EPSS
Web

CVE
added 2011/09/24 12:0 a.m., 41 views

CVE-2011-3793

Pixie 1.04 is affected by an information-disclosure vulnerability where remote attackers can obtain sensitive data by requesting a PHP file directly, causing an error message that reveals the installation path (e.g., admin/modules/static.php). This summary is supported by multiple sources (NVD, Re...

5 CVSS, 6.3 AI score, 0.00283 EPSS