Vulnerabilities > Dynpg

DATE CVE VULNERABILITY TITLE RISK
2021-11-02 CVE-2020-27406 Cross-site Scripting vulnerability in Dynpg 4.9.1
Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname.
network
dynpg CWE-79
3.5
3.5
2021-03-23 CVE-2021-27531 Cross-site Scripting vulnerability in Dynpg 4.9.2
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter.
network
dynpg CWE-79
3.5
3.5
2021-03-23 CVE-2021-27530 Cross-site Scripting vulnerability in Dynpg 4.9.2
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php.
network
dynpg CWE-79
3.5
3.5
2021-03-23 CVE-2021-27529 Cross-site Scripting vulnerability in Dynpg 4.9.2
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter.
network
dynpg CWE-79
3.5
3.5
2021-03-23 CVE-2021-27528 Cross-site Scripting vulnerability in Dynpg 4.9.2
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter.
network
dynpg CWE-79
3.5
3.5
2021-03-23 CVE-2021-27527 Cross-site Scripting vulnerability in Dynpg 4.9.2
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter.
network
dynpg CWE-79
3.5
3.5
2021-03-23 CVE-2021-27526 Cross-site Scripting vulnerability in Dynpg 4.9.2
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter.
network
dynpg CWE-79
3.5
3.5
2010-12-06 CVE-2010-4401 Information Exposure vulnerability in Dynpg 4.2.0
languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
network
low complexity
dynpg CWE-200
5.0
5.0
2010-12-06 CVE-2010-4400 SQL Injection vulnerability in Dynpg 4.2.0
SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter.
network
low complexity
dynpg CWE-89
7.5
7.5
2010-12-06 CVE-2010-4399 Path Traversal vulnerability in Dynpg 4.1.1/4.2.0
Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..
network
dynpg CWE-22
4.3
4.3