Vulnerabilities > Nexusphp Project

DATE CVE VULNERABILITY TITLE RISK
2017-10-15 CVE-2017-15305 Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5
XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php.
network
low complexity
nexusphp-project CWE-79
6.1
2017-10-03 CVE-2017-12792 Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5
Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php.
network
low complexity
nexusphp-project CWE-79
6.1
2017-09-18 CVE-2017-14534 Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF.
network
low complexity
nexusphp-project CWE-79
6.1
2017-09-17 CVE-2017-14512 SQL Injection vulnerability in Nexusphp Project Nexusphp 1.5
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981.
network
low complexity
nexusphp-project CWE-89
critical
9.8
2017-09-12 CVE-2017-14347 Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5
NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action.
network
low complexity
nexusphp-project CWE-79
6.1
2017-09-07 CVE-2017-12906 Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5
Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php.
network
low complexity
nexusphp-project CWE-79
6.1
2017-09-07 CVE-2017-12838 Cross-Site Request Forgery (CSRF) vulnerability in Nexusphp Project Nexusphp 1.5
Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors.
network
low complexity
nexusphp-project CWE-352
8.8
2017-08-18 CVE-2017-12776 SQL Injection vulnerability in Nexusphp Project Nexusphp 1.5
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter.
network
low complexity
nexusphp-project CWE-89
critical
9.8
2017-08-18 CVE-2017-12680 Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5
Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php.
network
low complexity
nexusphp-project CWE-79
6.1
2017-08-17 CVE-2017-12910 SQL Injection vulnerability in Nexusphp Project Nexusphp 1.5
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter.
network
low complexity
nexusphp-project CWE-89
critical
9.8