CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2009-1367 – moziloCMS 1.11 - Local File Inclusion / Full Path Disclosure / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1367
22 Apr 2009 — Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.2a. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php en moziloCMS v1.11 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro "query" en la acción de búsqueda, siendo una vulnerabilidad diferente que CVE-2008-6127.... • https://www.exploit-db.com/exploits/8394 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2009-1368 – moziloCMS 1.11 - Local File Inclusion / Full Path Disclosure / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1368
22 Apr 2009 — Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3. Vulnerabilidad de salto de directorio en index.php en moziloCMS v1.11 permite a atacantes remotos leer ficheros de su elección al utilizar los caracteres .. (punto punto) en el parámetro "page". • https://www.exploit-db.com/exploits/8394 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2009-1369 – moziloCMS 1.11 - Local File Inclusion / Full Path Disclosure / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1369
22 Apr 2009 — moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an error message. moziloCMS v1.11 permite a atacantes remotos obtener información sensible mediante el parámetro (1) "gal[]" en gallery.php, los parámetros (2) "page[]" y () "cat[]" en index.php, o el parámetro (4) "file[]" en download.php, revelando la ruta de instal... • https://www.exploit-db.com/exploits/8394 • CWE-20: Improper Input Validation •