Aggregates CVE and security vulnerability intelligence across all phpmywind-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting, vendor risk sql injection, vendor risk csrf, and vendor risk path handling and related problems; some flaws may lead to vendor impact session compromise.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-11487 | PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php. | [email protected] | 6.1 | 0.33% | 2018-05-26 | 2024-11-21 |
| CVE-2017-12984 | PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. | [email protected] | 6.1 | 1.43% | 2017-08-21 | 2026-05-13 |