Aggregates CVE and security vulnerability intelligence across all falcon-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk csrf and vendor risk input validation, with potential vendor impact unexpected behavior across vendor surface software deployment and vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2007-6490 | Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php. | [email protected] | 4.3 | 0.66% | 2007-12-20 | 2026-04-23 |
| CVE-2007-6489 | Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors. | [email protected] | 7.5 | 7.98% | 2007-12-20 | 2026-04-23 |
| CVE-2007-6488 | Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php. | [email protected] | 6.8 | 5.81% | 2007-12-20 | 2026-04-23 |
| CVE-1999-0882 | Falcon web server allows remote attackers to determine the absolute path of the web root via long file names. | [email protected] | 5.0 | 0.56% | 1999-10-28 | 2026-04-16 |