CVE-2021-47906
- EPSS 0.04%
- Veröffentlicht 23.01.2026 16:47:44
- Zuletzt bearbeitet 26.01.2026 15:03:33
BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious javascript payloads in the text field to execute sc...
CVE-2008-0428
- EPSS 1.23%
- Veröffentlicht 23.01.2008 22:00:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php.
CVE-2007-2310
- EPSS 2.5%
- Veröffentlicht 26.04.2007 21:19:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter.
CVE-2007-2311
- EPSS 1.02%
- Veröffentlicht 26.04.2007 21:19:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the content_php parameter. NOTE: this issue has been disputed by a reliable third party, stating that...