
CVSS: 6.1 | EPSS: 0% | CPEs: 8 | EXPL: 0

An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting (XSS) issues in Matrix WYSIWYG plugins. • http://devalias.net/devalias/2017/09/07/squiz-matrix-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in MySource Matrix 3.28.3 allow remote attackers to inject arbitrary web script or HTML via the (1) height or (2) width parameter. • https://www.exploit-db.com/exploits/34609 http://osvdb.org/67838 http://secunia.com/advisories/41295 http://securityreason.com/securityalert/8439 http://www.packetstormsecurity.org/1009-advisories/ZSL-2010-4962.txt http://www.securityfocus.com/bid/43020 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4962.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 | EPSS: 0% | CPEs: 8 | EXPL: 0

** DISPUTED ** MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq_content_src parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability." • http://secunia.com/advisories/22060 http://securityreason.com/securityalert/1635 http://www.aushack.com/advisories/200607-mysourcematrix.txt http://www.securityfocus.com/archive/1/446722/100/0/threaded

CVSS: 6.8 | EPSS: 1% | CPEs: 2 | EXPL: 0

** DISPUTED ** MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability." • http://secunia.com/advisories/22060 http://securityreason.com/securityalert/1635 http://www.aushack.com/advisories/200607-mysourcematrix.txt http://www.securityfocus.com/archive/1/446722/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/29112

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in Web_Extensions - Notitia (I/II). NOTE: due to lack of details, it is not clear whether this issue is file inclusion, static code injection, or another type of issue. • http://classic.squiz.net/download/changelogs/change_log_2.14.8 http://secunia.com/advisories/21757 http://www.securityfocus.com/bid/19868 http://www.vupen.com/english/advisories/2006/3477 https://exchange.xforce.ibmcloud.com/vulnerabilities/28768