indexhibit indexhibit CVE Vulnerabilities (8)

CVEs: 8 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting indexhibit indexhibit (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 18 of 8 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2020-18127 An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily view files. [email protected] 6.5 1.17% 2021-08-30 2026-06-16
CVE-2020-18126 Multiple stored cross-site scripting (XSS) vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML. [email protected] 5.4 0.49% 2021-08-30 2026-06-16
CVE-2020-18125 A reflected cross-site scripting (XSS) vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML. [email protected] 6.1 0.56% 2021-08-30 2026-06-16
CVE-2020-18124 A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords. [email protected] 5.7 0.36% 2021-08-30 2026-06-16
CVE-2020-18123 A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts. [email protected] 6.5 0.41% 2021-08-30 2026-06-16
CVE-2020-18121 A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell. [email protected] 8.8 0.97% 2021-08-30 2026-06-16
CVE-2019-16314 Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2. [email protected] 9.8 38.73% 2019-09-14 2026-06-16
CVE-2019-8954 In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter (in conjunction with the id parameter) in a upd_jxcode=true action to the ndxzstudio/?a=system URI. [email protected] 8.8 2.70% 2019-02-20 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence