VYPR

Magpierss

by Magpierss

CVEs (4)

  • CVE-2005-3955Dec 1, 2005
    risk 0.03cvss epss 0.06

    Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url…

  • CVE-2021-28941Apr 2, 2021
    risk 0.00cvss epss 0.01

    Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's possible to request any internal page if you use a https request.

  • CVE-2021-28940Apr 2, 2021
    risk 0.00cvss epss 0.03

    Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific…

  • CVE-2006-4735Sep 13, 2006
    risk 0.00cvss epss 0.01

    Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sensitive information via a direct request for (1) rss_fetch.inc.php or (2) rss_parse.inc.php, which reveals the path in various error messages.