Vulnerabilities > Xcms

DATE	CVE	VULNERABILITY TITLE	RISK
2008-01-04	CVE-2007-6652	Code Injection vulnerability in Xcms cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb (aka the XCMS footer). network low complexity xcms CWE-94	7.5
2007-12-31	CVE-2007-6604	Path Traversal vulnerability in Xcms 1.82 Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. network low complexity xcms CWE-22	5.0
2007-09-24	CVE-2007-5060	Cross-Site Request Forgery (CSRF) vulnerability in Xcms Cross-site request forgery (CSRF) vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password_ and rpassword_ parameters, possibly related to timestamp values. network xcms CWE-352	4.3

Vulnerabilities > Xcms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Xcms"}]}