CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 1CVE-2020-24902
https://notcve.org/view.php?id=CVE-2020-24902
07 Jan 2021 — Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. Quixplorer versiones anteriores a 2.4.1, es susceptible a una vulnerabilidad... • https://dl.packetstormsecurity.net/1804-exploits/quixplorer241beta-xss.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2013-1642
https://notcve.org/view.php?id=CVE-2013-1642
02 Jan 2020 — Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems[], or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en QuiXplorer versiones anteriores a la versión 2.5.5, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro (1) dir, (2) item, (3... • https://exchange.xforce.ibmcloud.com/vulnerabilities/89056 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 2CVE-2013-1641
https://notcve.org/view.php?id=CVE-2013-1641
26 Oct 2014 — Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the selitems[] parameter in a download_selected action to index.php. Vulnerabilidad de salto de directorio en la funcionalidad de descarga de zip en QuiXplorer anterior a 2.5.5 permite a atacantes remotos leer ficheros arbitrarios a través de un .. (punto punto) en el parámetro selitems[] en una acción download_selected en index.php. • http://secunia.com/advisories/55725 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 5%CPEs: 20EXPL: 2CVE-2011-5005 – QuiXplorer 2.3 - Bugtraq Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2011-5005
25 Dec 2011 — Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension using the upload action to index.php, then accessing it via a direct request to the file in an unspecified directory. Vulnerabilidad de subida no restringida de ficheros en QuiXplorer v2.3 y anteriores permite a atacantes remotos ejecutar código de su elección al subir un fichero con una extensión ejecutable usando la opción de subir en index... • https://www.exploit-db.com/exploits/18118 •
CVSS: 9.8EPSS: 13%CPEs: 69EXPL: 2CVE-2009-1911 – TinyWebGallery 1.7.6 - Local File Inclusion / Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-1911
04 Jun 2009 — Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to admin/index.php. Vulnerabilidad de salto de directorio en .include/init.php (también conocido como admin/_include/init.php) en QuiXplorer v2.3.2 y anteriores, utilizado en TinyWebGallery v1.7.6 y anteriores, permite a los atacante... • https://www.exploit-db.com/exploits/8649 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •