Lucene search
K
SquizMatrix

6 matches found

CVE
CVE
added 2022/09/06 12:0 a.m.62 views

CVE-2022-32277

Affected product: Squiz Matrix CMS 6.20. Vulnerability: Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user’s contact details. Impact (as stated): Confidentiality: None; Integrity: Low; Availability: None. Root cause / ...

5.3CVSS5.3AI score0.00435EPSS
CVE
CVE
added 2019/12/11 7:4 p.m.60 views

CVE-2019-19373

Squiz Matrix CMS is affected by CVE-2019-19373 across multiple 5.5.x releases: 5.5.0 before 5.5.0.3, 5.5.1 before 5.5.1.8, 5.5.2 before 5.5.2.4, and 5.5.3 before 5.5.3.3. The vulnerability arises from arbitrary PHP object deserialization in the Remote Content page type when processing the package...

7.5CVSS8AI score0.048EPSS
Web
CVE
CVE
added 2019/12/11 7:10 p.m.59 views

CVE-2019-19374

CVE-2019-19374 affects Squiz Matrix CMS 5.5.x: core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc allows a user to delete arbitrary files from the server during interaction with the File Upload field in a custom form, and exposes the full path t...

9.1CVSS8.5AI score0.0344EPSS
Web
CVE
CVE
added 2017/11/30 2:0 a.m.52 views

CVE-2017-14198

Summary: CVE-2017-14198 affects Squiz Matrix prior to 5.3.6.1 and 5.4.x prior to 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag. The connected CNVD/NVD entries corroborate the affected versions an...

8.8CVSS8.7AI score0.01769EPSS
CVE
CVE
added 2017/11/30 2:0 a.m.46 views

CVE-2017-14196

Summary: CVE-2017-14196 is a path traversal information-disclosure vulnerability in Squiz Matrix, affecting the File Bridge plugin. Affected versions: 5.3 through 5.3.6.1 and 5.4.1.3. Root cause/impact: a path traversal flaw allows an attacker to confirm the existence of files outside the bridged...

7.5CVSS7.1AI score0.02193EPSS
CVE
CVE
added 2017/11/30 2:0 a.m.43 views

CVE-2017-14197

Squiz Matrix WYSIWYG plugin is affected by multiple reflected XSS issues. Affected: Matrix WYSIWYG plugins in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Impact: remote attacker can inject arbitrary web script or HTML. Remediation: upgrade to 5.3.6.1 or 5.4.1.3 (or newer) where fixed.

6.1CVSS6AI score0.00602EPSS