Vulnerabilities > Oxwall > Oxwall > 1.1.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-11-02 | CVE-2015-5534 | Cross-Site Request Forgery (CSRF) vulnerability in Oxwall Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maintenance via the maintenance_enable parameter or (2) conduct cross-site scripting (XSS) attacks via the maintenance_text parameter to admin/pages/maintenance. | 6.8 |
2012-09-15 | CVE-2012-4928 | Cross-Site Scripting vulnerability in Oxwall 1.1.1 Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter. | 4.3 |
2012-03-19 | CVE-2012-0872 | Cross-Site Scripting vulnerability in Oxwall 1.1.1 Multiple cross-site scripting (XSS) vulnerabilities in OxWall 1.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) captchaField, (2) email, (3) form_name, (4) password, (5) realname, (6) repeatPassword, or (7) username parameters to Oxwall/join; (8) captcha, (9) email, (10) form_name, (11) from, or (12) subject parameters to Oxwall/contact; (13) tag parameter to Oxwall/blogs/browse-by-tag; or (14) PATH_INFO to Oxwall/photo/viewlist/tagged, (15) Oxwall/photo/viewlist, or (16) Oxwall/video/viewlist. | 4.3 |