本ページは pixelimity pixelimity に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-5206 | A vulnerability classified as critical was found in Pixelimity 1.0. Affected by this vulnerability is an unknown functionality of the file /install/index.php of the component Installation. The manipulation of the argument site_description leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.1 | 0.21% | 2025-05-26 | 2025-06-05 |
| CVE-2022-28590 | A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme. | [email protected] | 7.2 | 25.47% | 2022-05-03 | 2024-11-21 |
| CVE-2022-28589 | A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new | [email protected] | 4.8 | 0.22% | 2022-05-03 | 2024-11-21 |
| CVE-2021-42866 | A Cross Site Scripting vulnerabilty exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php | [email protected] | 4.8 | 0.22% | 2022-03-31 | 2024-11-21 |
| CVE-2021-29056 | Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php. | [email protected] | 4.8 | 0.20% | 2021-08-17 | 2024-11-21 |
| CVE-2020-23522 | Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter. | [email protected] | 6.8 | 0.19% | 2021-01-19 | 2024-11-21 |
| CVE-2018-19919 | Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element. | [email protected] | 4.8 | 0.24% | 2018-12-06 | 2024-11-21 |