Lucene search

K
PhpmywindPhpmywind

7 matches found

CVE
CVE
added 2019/09/23 4:15 a.m.145 views

CVE-2019-16703

admin/infolist_add.php in PHPMyWind 5.6 has stored XSS.

6.1CVSS6.2AI score0.00328EPSS
CVE
CVE
added 2017/08/21 7:29 a.m.50 views

CVE-2017-12984

PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php.

6.1CVSS5.9AI score0.01091EPSS
CVE
CVE
added 2019/03/07 11:29 p.m.32 views

CVE-2019-7661

An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability.

6.1CVSS6AI score0.00328EPSS
CVE
CVE
added 2018/05/26 3:29 p.m.31 views

CVE-2018-11487

PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php.

6.1CVSS5.9AI score0.00328EPSS
CVE
CVE
added 2021/10/14 3:15 p.m.29 views

CVE-2020-19964

A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.

6.5CVSS6.4AI score0.00136EPSS
CVE
CVE
added 2019/02/05 4:29 p.m.28 views

CVE-2019-7402

An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF.

6.1CVSS5.9AI score0.00154EPSS
CVE
CVE
added 2019/03/07 11:29 p.m.27 views

CVE-2019-7660

An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php.

6.1CVSS5.9AI score0.00328EPSS