Vulnerabilities > Xpressengine

DATE | CVE | VULNERABILITY TITLE | RISK

2023-02-07 | CVE-2011-10003 | SQL Injection vulnerability in Xpressengine | critical 9.8
    A vulnerability was found in XpressEngine up to 1.4.4.
    network | low complexity | xpressengine | CWE-89

2023-01-20 | CVE-2021-26642 | Unrestricted Upload of File with Dangerous Type vulnerability in Xpressengine | critical 9.8
    When uploading an image file to a bulletin board developed with XpressEngine, an arbitrary file can be uploaded due to insufficient verification of the file.
    network | low complexity | xpressengine | CWE-434

2022-02-09 | CVE-2021-44911 | Cross-site Scripting vulnerability in Xpressengine | 3.5
    XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php.

2022-02-09 | CVE-2021-44912 | Cross-site Scripting vulnerability in Xpressengine | 3.5
    In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory.

2010-05-04 | CVE-2009-4834 | Code Injection vulnerability in Xpressengine Zeroboard 4.1 | 6.8
    lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to now_connect.php.