Vulnerabilities > Nukeviet > Nukeviet > 3.2.00

DATE CVE VULNERABILITY TITLE RISK
2022-11-13 CVE-2022-3975 Improper Enforcement of Message or Data Structure vulnerability in Nukeviet
A vulnerability, which was classified as problematic, has been found in NukeViet CMS.
network
low complexity
nukeviet CWE-707
6.1
6.1
2022-06-21 CVE-2022-30874 Cross-site Scripting vulnerability in Nukeviet
There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02.
network
nukeviet CWE-79
3.5
3.5
2020-12-31 CVE-2019-7726 SQL Injection vulnerability in Nukeviet
modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent).
network
low complexity
nukeviet CWE-89
7.5
7.5
2020-12-31 CVE-2019-7725 Deserialization of Untrusted Data vulnerability in Nukeviet
includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk).
network
low complexity
nukeviet CWE-502
7.5
7.5