Jcow: Security Vulnerabilities
A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-01-14
A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-01-14
Jcow 4.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/page.tpl.php and certain other files.
CVSS Score
5.0
EPSS Score
0.003
Published
2011-09-23