Medium severity6.1NVD Advisory· Published Sep 7, 2017· Updated Jun 17, 2026
CVE-2017-12906
CVE-2017-12906
Description
Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php.
Affected products
2cpe:2.3:a:nexusphp_project:nexusphp:1.5:beta5.20120707:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:nexusphp_project:nexusphp:1.5:beta5.20120707:*:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
References
2- loid.online/cve/cve.txtnvdExploitThird Party AdvisoryURL Repurposed
- www.sstrunk.com/cve/confirm_resend.htmlnvdThird Party Advisory
News mentions
0No linked articles in our index yet.