Vulnerabilities > Nexusphp > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-01-19 CVE-2022-46888 Cross-site Scripting vulnerability in Nexusphp 1.5
Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php.
network
low complexity
nexusphp CWE-79
6.1
6.1
2023-01-19 CVE-2022-46889 Cross-site Scripting vulnerability in Nexusphp 1.5
A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php.
network
low complexity
nexusphp CWE-79
5.4
5.4
2023-01-19 CVE-2022-46890 Unspecified vulnerability in Nexusphp 1.5
Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is caused by a lack of checks performed by the /forums.php?action=post page).
network
low complexity
nexusphp
4.3
4.3
2017-08-31 CVE-2017-14070 Cross-site Scripting vulnerability in Nexusphp 1.5
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF.
network
nexusphp CWE-79
4.3
4.3
2017-07-26 CVE-2017-11651 Cross-site Scripting vulnerability in Nexusphp 1.5
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.
network
nexusphp CWE-79
4.3
4.3