Sign in Get started

← All vendors

Vendor

Squiz

Sign in to watch

Products

3

CVEs

6

Across products

28

Status

Private

Products

3

Matrix
16 CVEs
Mysource Matrix
10 CVEs
Mysource Classic
2 CVEs

Recent CVEs

6

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2017-14198	Hig	0.57	8.8	0.01		Nov 30, 2017	An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag.
CVE-2017-14197	Med	0.40	6.1	0.00		Nov 30, 2017	An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting (XSS) issues in Matrix WYSIWYG plugins.
CVE-2010-4901		0.03	—	0.06		Oct 8, 2011	Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in MySource Matrix 3.28.3 allow remote attackers to inject arbitrary web script or HTML via the (1) height or (2) width parameter.
CVE-2006-5037		0.00	—	0.02		Sep 27, 2006	MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq_content_src parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability.
CVE-2006-5036		0.00	—	0.02		Sep 27, 2006	MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability.
CVE-2006-4635		0.00	—	0.01		Sep 8, 2006	Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in Web_Extensions - Notitia (I/II). NOTE: due to lack of details, it is not clear whether this issue is file inclusion, static code injection, or another type of issue.