CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0605
https://notcve.org/view.php?id=CVE-2018-0605
26 Jun 2018 — Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-Site Scripting (XSS) en Pixelpost, en versiones 1.7.3 y anteriores, permite que los atacantes inyecten scripts web o HTML arbitrarios utilizando vectores no especificados. • http://jvn.jp/en/jp/JVN27978559/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2008-0358 – PixelPost 1.7 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-0358
18 Jan 2008 — SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter. Vulnerabilidad de inyección SQL en index.php de Pixelpost 1.7 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro parent_id. • https://www.exploit-db.com/exploits/4924 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •