Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: nexusphp Clear
ID Title
CVE-2017-15305 XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php.
XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php.
CVE-2017-12792 Cross-Site Scripting (XSS) in csrf (CVE-2017-12792)
cross-site scripting in csrf (CVE-2017-12792). Risk of unauthorized operations or information disclosure.
CVE-2017-14534 Cross-Site Scripting (XSS) in nexusphp-project (CVE-2017-14534)
cross-site scripting in nexusphp-project (CVE-2017-14534). Risk of unauthorized operations or information disclosure.
CVE-2017-14512 SQL Injection in sqli (CVE-2017-14512)
SQL injection in sqli (CVE-2017-14512). Successful exploitation can lead to full system takeover.
CVE-2017-14347 NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action.
NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action.
CVE-2017-12906 Cross-Site Scripting (XSS) in nexusphp-project (CVE-2017-12906)
cross-site scripting in nexusphp-project (CVE-2017-12906). Risk of unauthorized operations or information disclosure.
CVE-2017-12838 Cross-Site Request Forgery (CSRF) in csrf (CVE-2017-12838)
vulnerability in csrf (CVE-2017-12838). Successful exploitation can lead to full system takeover.
CVE-2017-14076 SQL Injection in sqli (CVE-2017-14076)
SQL injection in sqli (CVE-2017-14076). Successful exploitation can lead to full system takeover.
CVE-2017-14070 Cross-Site Scripting (XSS) in nexusphp (CVE-2017-14070)
cross-site scripting in nexusphp (CVE-2017-14070). Risk of unauthorized operations or information disclosure.
CVE-2017-14069 SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.
CVE-2017-12679 SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
CVE-2017-13669 SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.
CVE-2017-12981 SQL Injection in sqli (CVE-2017-12981)
SQL injection in sqli (CVE-2017-12981). Successful exploitation can lead to full system takeover.
CVE-2017-12776 SQL Injection in sqli (CVE-2017-12776)
SQL injection in sqli (CVE-2017-12776). Successful exploitation can lead to full system takeover.
CVE-2017-12680 Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php.
Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php.
CVE-2017-12910 SQL Injection in sqli (CVE-2017-12910)
SQL injection in sqli (CVE-2017-12910). Successful exploitation can lead to full system takeover.
CVE-2017-12909 SQL Injection in sqli (CVE-2017-12909)
SQL injection in sqli (CVE-2017-12909). Successful exploitation can lead to full system takeover.
CVE-2017-12908 SQL Injection in sqli (CVE-2017-12908)
SQL injection in sqli (CVE-2017-12908). Successful exploitation can lead to full system takeover.
CVE-2017-12907 Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.
CVE-2017-12798 Cross-Site Scripting (XSS) in nexusphp-project (CVE-2017-12798)
cross-site scripting in nexusphp-project (CVE-2017-12798). Risk of unauthorized operations or information disclosure.
CVE-2017-12777 Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.
CVE-2017-12655 Cross-Site Scripting (XSS) in nexusphp-project (CVE-2017-12655)
cross-site scripting in nexusphp-project (CVE-2017-12655). Risk of unauthorized operations or information disclosure.
CVE-2017-11651 NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →