CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3CVE-2008-6174 – Jetbox CMS 2.1 - 'liste' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-6174
Cross-site scripting (XSS) vulnerability in admin/postlister/index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the liste parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados(XSS) en admin/postlister/index.php en Jetbox CMS v2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a su elección a través del parámetro "liste". • https://www.exploit-db.com/exploits/32525 http://www.digitrustgroup.com/advisories/web-application-security-jetbox2.html http://www.securityfocus.com/bid/31890 https://exchange.xforce.ibmcloud.com/vulnerabilities/46082 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 3CVE-2008-4651 – Jetbox CMS 2.1 - '/admin/cms/nav.php?nav_id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4651
Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin/cms/nav.php. Múltiples vulnerabilidades de inyección SQL en Jetbox CMS 2.1, que permite a los usuarios remotos autentificados ejecutar arbitrariamente comandos SQL a través del (1) parámetro ORDERBY para el archivo admin/cms/images.php y el (2) parámetro nav_id en una acción editrecord para el archivo admin/cms/nav.php. • https://www.exploit-db.com/exploits/32496 https://www.exploit-db.com/exploits/32495 http://www.digitrustgroup.com/advisories/web-application-security-jetbox http://www.securityfocus.com/bid/31824 https://exchange.xforce.ibmcloud.com/vulnerabilities/45986 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 3CVE-2007-2686 – Jetbox CMS 2.1 - Login Variable Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-2686
Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php de Jetbox CMS 2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro login en una tarea (task) sendpwd. Jetbox CMS is susceptible to a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/30068 http://marc.info/?l=full-disclosure&m=117981938101135&w=2 http://www.netvigilance.com/advisory0029 http://www.osvdb.org/34791 http://www.securityfocus.com/archive/1/469233/100/0/threaded http://www.securityfocus.com/bid/24095 https://exchange.xforce.ibmcloud.com/vulnerabilities/34415 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-2007-2684
https://notcve.org/view.php?id=CVE-2007-2684
Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message. Jetbox CMS 2.1 permite a atacantes remotos obtener información sensible a través de (1) una respuesta directa en (a) main_page.php, (b) open_tree.php, y (c) outputs.php; (a) un parámetro view mal formado en index.php, como se demostró con una manipulación SQL; o (3)el parámetro id[] en admin/cms/opentree.php, lo cual revela la ruta de instalación en el mensaje resutaldo de error. • http://marc.info/?l=full-disclosure&m=117974375029054&w=2 http://osvdb.org/34787 http://osvdb.org/34788 http://osvdb.org/34789 http://osvdb.org/34790 http://www.netvigilance.com/advisory0027 http://www.osvdb.org/34783 http://www.securityfocus.com/archive/1/469222/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/34385 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2007-2685 – Jetbox CMS 2.1 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2007-2685
Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter. Múltiples vulnerabilidades de inyección SQL en index.php en Jetbox CMS 2.1 permite a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) view o (2) login. Jetbox CMS version 2.1 suffers from multiple SQL injection vulnerabilities. • https://www.exploit-db.com/exploits/30066 http://marc.info/?l=full-disclosure&m=117974433216496&w=2 http://www.netvigilance.com/advisory0028 http://www.osvdb.org/34784 http://www.securityfocus.com/archive/1/469223/100/0/threaded http://www.securityfocus.com/bid/24077 https://exchange.xforce.ibmcloud.com/vulnerabilities/34387 •