CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-24902
https://notcve.org/view.php?id=CVE-2020-24902
Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. Quixplorer versiones anteriores a 2.4.1, es susceptible a una vulnerabilidad de tipo cross-site scripting (XSS) reflejado causado por una comprobación inapropiada de la entrada suministrada por el usuario. Un atacante remoto podría explotar esta vulnerabilidad usando una URL especialmente diseñada para ejecutar un script en el navegador Web de la víctima dentro del contexto de seguridad del sitio Web de hosting, una vez que la URL es cliqueada. • https://dl.packetstormsecurity.net/1804-exploits/quixplorer241beta-xss.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2013-1642
https://notcve.org/view.php?id=CVE-2013-1642
Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems[], or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en QuiXplorer versiones anteriores a la versión 2.5.5, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems[], o (6) srt en el archivo index.php o (7) del parámetro QUERY_STRING en el archivo index.php. • https://exchange.xforce.ibmcloud.com/vulnerabilities/89056 https://github.com/realtimeprojects/quixplorer https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-030.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 8%CPEs: 1EXPL: 2CVE-2013-1641
https://notcve.org/view.php?id=CVE-2013-1641
Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the selitems[] parameter in a download_selected action to index.php. Vulnerabilidad de salto de directorio en la funcionalidad de descarga de zip en QuiXplorer anterior a 2.5.5 permite a atacantes remotos leer ficheros arbitrarios a través de un .. (punto punto) en el parámetro selitems[] en una acción download_selected en index.php. • http://secunia.com/advisories/55725 https://exchange.xforce.ibmcloud.com/vulnerabilities/89059 https://github.com/realtimeprojects/quixplorer https://github.com/realtimeprojects/quixplorer/blob/v2.5.5/doc/RELEASES.md https://github.com/realtimeprojects/quixplorer/commit/7ac119cebd3b6bfe16a30fd1d5290127310a4436 https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-030.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •