Vulnerabilities > Xinha

DATE	CVE	VULNERABILITY TITLE	RISK
2017-07-29	CVE-2017-11723	Path Traversal vulnerability in Xinha 0.96 Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter. network low complexity xinha CWE-22	5.0
2010-05-12	CVE-2010-1916	Permissions, Privileges, and Access Controls vulnerability in multiple products The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the "Deprecated config passing" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function. network low complexity xinha s9y CWE-264	7.5

Vulnerabilities > Xinha {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Xinha"}]}