VYPR

Nucleus CMS

by Nucleus Cms

CVEs (5)

  • CVE-2008-0497Jan 30, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS 3.31 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, which is not quoted when processing PHP_SELF.

  • CVE-2007-5429Oct 12, 2007
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01 allows remote attackers to inject arbitrary web script or HTML via the archive parameter.

  • CVE-2015-5454Jul 8, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item.

  • CVE-2011-3760Sep 24, 2011
    risk 0.00cvss epss 0.00

    Nucleus 3.61 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/api_nucleus.inc.php and certain other files.

  • CVE-2006-6920Jan 11, 2007
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php.