Search Results

There are 24 CVE Records that match your search.
Name Description
CVE-2017-15305 XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php.
CVE-2017-14534 Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF.
CVE-2017-14512 NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981.
CVE-2017-14347 NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action.
CVE-2017-14076 SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action.
CVE-2017-14070 Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF.
CVE-2017-14069 SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.
CVE-2017-13669 SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.
CVE-2017-12981 NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action.
CVE-2017-12910 SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter.
CVE-2017-12909 SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
CVE-2017-12908 SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter.
CVE-2017-12907 Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.
CVE-2017-12906 Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php.
CVE-2017-12838 Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors.
CVE-2017-12798 Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php.
CVE-2017-12792 Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php.
CVE-2017-12777 Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.
CVE-2017-12776 SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter.
CVE-2017-12680 Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php.
CVE-2017-12679 SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
CVE-2017-12655 Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action.
CVE-2017-11651 NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.
CVE-2011-4026 SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
  
You can also search by reference using the CVE Reference Maps.
For More Information:  CVE Request Web Form (select “Other” from dropdown)