CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0605
https://notcve.org/view.php?id=CVE-2018-0605
Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-Site Scripting (XSS) en Pixelpost, en versiones 1.7.3 y anteriores, permite que los atacantes inyecten scripts web o HTML arbitrarios utilizando vectores no especificados. • http://jvn.jp/en/jp/JVN27978559/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2CVE-2008-0358 – PixelPost 1.7 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-0358
SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter. Vulnerabilidad de inyección SQL en index.php de Pixelpost 1.7 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro parent_id. • https://www.exploit-db.com/exploits/4924 http://secunia.com/advisories/28499 http://www.pixelpost.org/forum/showthread.php?t=7716 http://www.securityfocus.com/bid/27242 http://www.securitytracker.com/id?1019238 https://exchange.xforce.ibmcloud.com/vulnerabilities/39721 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •