Shodan
Vulnerabilities
Vulnerable Software
Expressionengine:  Security Vulnerabilities
CVE-2009-1070
Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter.
CVSS Score
4.3
EPSS Score
0.02
Published
2009-03-26
CVE-2008-0201
Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter.
CVSS Score
4.3
EPSS Score
0.005
Published
2008-01-10
CVE-2008-0202
CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter.
CVSS Score
4.3
EPSS Score
0.005
Published
2008-01-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved