| Max CVSS | 6.8 | Min CVSS | 5.8 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-9343 | 5.8 |
Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the rd parameter in a submit action to sno
|
08-09-2017 - 01:29 | 08-12-2014 - 16:59 | |
| CVE-2014-9344 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create uri to snow
|
08-09-2017 - 01:29 | 08-12-2014 - 16:59 | |
| CVE-2014-6316 | 5.8 |
core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php.
|
08-09-2017 - 01:29 | 12-12-2014 - 11:59 |