VYPR

Wikindx

by Wikindx

CVEs (6)

  • CVE-2021-3340MedFeb 1, 2021
    risk 0.40cvss 6.1epss 0.01

    A cross-site scripting (XSS) vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php?action=initLogon or modules/admin/DELETEIMAGES.php.

  • CVE-2019-13588MedJul 26, 2019
    risk 0.40cvss 6.1epss 0.01

    A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter.

  • CVE-2019-12930MedJul 8, 2019
    risk 0.40cvss 6.1epss 0.01

    A cross-site scripting (XSS) vulnerability in noMenu() and noSubMenu() in core/navigation/MENU.php in WIKINDX prior to version 5.8.1 allows remote attackers to inject arbitrary web script or HTML via the method parameter.

  • CVE-2019-9961MedMar 26, 2019
    risk 0.40cvss 6.1epss 0.01

    A cross-site scripting (XSS) vulnerability in ressource view in core/modules/resource/RESOURCEVIEW.php in Wikindx prior to version 5.7.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

  • CVE-2007-3277Jun 19, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the localization before 1.2 module for WIKINDX allows attackers to access certain administrative capabilities via unknown vectors.

  • CVE-2004-2506Dec 31, 2004
    risk 0.00cvss epss 0.01

    Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g allows remote attackers to obtain sensitive information via a direct HTTP request to the config.inc file.