NexusPHP 漏洞列表

共找到 1 个与 NexusPHP 相关的漏洞

📅 加载漏洞趋势中...

CVE-2022-46888: NexusPHP <1.7.33 - Cross-Site Scripting POC

日期: 2025-08-01 | 影响软件: NexusPHP

NexusPHP before 1.7.33 contains multiple cross-site scripting vulnerabilities via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php. An attacker can inject arbitrary web script or HTML, which can allow theft of cookie-based authentication credentials and launch of other attacks..