Chxo: >> Feedsplitter Security Vulnerabilities
CHXO Feedsplitter 2006-01-21 allows remote attackers to read the source code of feedsplitter.php via the showsource function. NOTE: this issue is not a vulnerability in standard distributions, but could be an issue if the source has been modified.
CVSS Score
5.0
EPSS Score
0.004
Published
2006-09-06
Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to read arbitrary XML files via .. (dot dot) sequences in the format parameter with a leading ".", which bypasses a security check.
CVSS Score
5.0
EPSS Score
0.002
Published
2006-09-06
Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to execute arbitrary PHP code via (1) the file specified as the value of the format parameter, and possibly (2) the RSS feed.
CVSS Score
7.5
EPSS Score
0.01
Published
2006-09-06
Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to inject arbitrary web script or HTML via the RSS feed.
CVSS Score
6.8
EPSS Score
0.009
Published
2006-09-06