Jcow
by Jcow
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-3203 | Cri | 0.64 | 9.8 | 0.02 | Jan 14, 2020 | A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2. | ||
| CVE-2011-3202 | Med | 0.40 | 6.1 | 0.01 | Jan 14, 2020 | A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier. | ||
| CVE-2011-3746 | 0.00 | — | 0.01 | Sep 23, 2011 | Jcow 4.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/page.tpl.php and certain other files. |
- risk 0.64cvss 9.8epss 0.02
A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.
- risk 0.40cvss 6.1epss 0.01
A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier.
- CVE-2011-3746Sep 23, 2011risk 0.00cvss —epss 0.01
Jcow 4.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/page.tpl.php and certain other files.