Skip to main content

Pixie

8 CVEs product

Monthly

CVE-2019-10766 PHP CRITICAL POC PATCH Act Now

Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() function due to improper sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pixie
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2017-7402 CRITICAL POC Act Now

Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Pixie
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
9.3%
CVE-2017-7363 MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7362 MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7361 MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7360 MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7359 MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2014-3786 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
CVSS 2.0
4.3
EPSS
0.2%
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() function due to improper sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pixie
NVD
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP +1
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy