Vulnerabilities > Exv2 > Content Management System
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-08-15 | CVE-2007-4365 | Cross-Site Scripting vulnerability in Content Management System Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. network exv2 | 4.3 |
2007-04-11 | CVE-2007-1966 | Improper Authentication vulnerability in Exv2 Content Management System 2.0.4.3 Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie. | 5.0 |
2007-04-11 | CVE-2007-1965 | Cross-Site Scripting vulnerability in EXV2 CMS Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php. network exv2 | 4.3 |
2007-03-02 | CVE-2006-7080 | Input Validation vulnerability in EXV2 Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter. network exv2 | 4.3 |
2007-03-02 | CVE-2006-7079 | Improper Control of Dynamically-Managed Code Resources vulnerability in Exv2 Content Management System Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable. | 9.8 |
2006-09-27 | CVE-2006-5030 | SQL Injection vulnerability in ExV2 SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | 7.5 |