Vulnerabilities > Phpmywind > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-14 | CVE-2020-19964 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmywind 5.6 A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication. | 6.5 |
| 2021-05-27 | CVE-2020-18229 | Cross-site Scripting vulnerability in PHPmywind 5.5 Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php". | 4.8 |
| 2021-05-27 | CVE-2020-18230 | Cross-site Scripting vulnerability in PHPmywind 5.5 Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php". | 4.8 |
| 2019-09-23 | CVE-2019-16704 | Cross-site Scripting vulnerability in PHPmywind 5.6 admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. | 4.8 |
| 2019-09-23 | CVE-2019-16703 | Cross-site Scripting vulnerability in PHPmywind 5.6 admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. | 6.1 |
| 2019-03-07 | CVE-2019-7661 | Cross-site Scripting vulnerability in PHPmywind An issue was discovered in PHPMyWind 5.5. | 6.1 |
| 2019-03-07 | CVE-2019-7660 | Cross-site Scripting vulnerability in PHPmywind An issue was discovered in PHPMyWind 5.5. | 6.1 |
| 2019-02-18 | CVE-2019-8435 | Cross-site Scripting vulnerability in PHPmywind 5.5 admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. | 4.8 |
| 2019-02-05 | CVE-2019-7403 | Path Traversal vulnerability in PHPmywind 5.5 An issue was discovered in PHPMyWind 5.5. | 4.9 |
| 2019-02-05 | CVE-2019-7402 | Cross-site Scripting vulnerability in PHPmywind 5.5 An issue was discovered in PHPMyWind 5.5. | 6.1 |