Nexusphp Security Vulnerabilities and Issues — Nexusphp CVE List

Lucene search

Nexusphp ProjectNexusphp

5 matches found

CVE•added 2017/09/07 1:29 p.m.•45 views

CVE-2017-12906

Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php.

6.1CVSS6AI score0.00238EPSS

CVE•added 2017/09/07 1:29 p.m.•39 views

CVE-2017-12838

Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors.

8.8CVSS8.7AI score0.00123EPSS

CVE•added 2017/09/17 9:29 p.m.•39 views

CVE-2017-14512

NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981.

9.8CVSS9.9AI score0.0025EPSS

CVE•added 2017/09/18 4:29 a.m.•37 views

CVE-2017-14534

Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2017/09/12 7:29 p.m.•36 views

CVE-2017-14347

NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action.

6.1CVSS5.9AI score0.0024EPSS