Wikindx Project: >> Wikindx >> 2.3.4 Security Vulnerabilities
A cross-site scripting (XSS) vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php?action=initLogon or modules/admin/DELETEIMAGES.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-02-01
A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-07-26
A cross-site scripting (XSS) vulnerability in noMenu() and noSubMenu() in core/navigation/MENU.php in WIKINDX prior to version 5.8.1 allows remote attackers to inject arbitrary web script or HTML via the method parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-07-08
A cross-site scripting (XSS) vulnerability in ressource view in core/modules/resource/RESOURCEVIEW.php in Wikindx prior to version 5.7.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-03-26