Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
glfusion glfusion vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-45843
glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (XSS) vulnerability. The value of the title request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. This input was echoed unmodified in the application...
Glfusion Glfusion 1.7.9
4.3
CVSSv3
CVE-2021-44942
glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. Using the CSRF vulnerability to trick the administrator to click, an attacker can add a blacklist.
Glfusion Glfusion 1.7.9
9.8
CVSSv3
CVE-2021-44949
glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php.
Glfusion Glfusion 1.7.9
9.1
CVSSv3
CVE-2021-44935
glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. The attacker can complete the attack remotely without interaction.
Glfusion Glfusion 1.7.9
5.3
CVSSv3
CVE-2021-44937
glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. An attacker can register with the mailbox of any user. When users want to register, they will find that the mailbox has been occupied.
Glfusion Glfusion 1.7.9
NA
CVE-2013-1466
Multiple cross-site scripting (XSS) vulnerabilities in glFusion prior to 1.2.2.pl4 allow remote malicious users to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8)...
Glfusion Glfusion 1.2.0.pl1
Glfusion Glfusion 1.1.2
Glfusion Glfusion 1.2.0.pl7
Glfusion Glfusion 1.1.6.pl4
Glfusion Glfusion 1.1.8.pl6
Glfusion Glfusion 1.1.8.pl1
Glfusion Glfusion 1.1.6.pl1
Glfusion Glfusion 1.1.4.pl2
Glfusion Glfusion 1.1.3
Glfusion Glfusion 1.1.8.pl3
Glfusion Glfusion 1.1.7
Glfusion Glfusion 1.1.5.pl2
Glfusion Glfusion 1.0.0
Glfusion Glfusion 1.2.0.pl3
Glfusion Glfusion 1.1.8.pl4
Glfusion Glfusion 1.1.6
Glfusion Glfusion 1.0.2
Glfusion Glfusion 1.1.4
Glfusion Glfusion 1.1.4.pl3
Glfusion Glfusion 1.1.4.pl4
Glfusion Glfusion 1.1.6.pl2
Glfusion Glfusion 1.2.0.pl2
1 EDB exploit
NA
CVE-2013-14661
glFusion version 1.2.2 suffers from multiple cross site scripting vulnerabilities.
NA
CVE-2009-4796
Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.ph...
Glfusion Glfusion 1.0.0
Glfusion Glfusion 1.0.1
Glfusion Glfusion 1.1.1
Glfusion Glfusion
Glfusion Glfusion 1.1.0
1 EDB exploit
NA
CVE-2009-1282
SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and previous versions allows remote malicious users to execute arbitrary SQL commands via the glf_session cookie parameter.
Glfusion Glfusion 1.0.0
Glfusion Glfusion 1.0.1
Glfusion Glfusion 1.1.1
Glfusion Glfusion
Glfusion Glfusion 1.1.0
1 EDB exploit
NA
CVE-2009-1281
Cross-site scripting (XSS) vulnerability in glFusion prior to 1.1.3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Glfusion Glfusion 1.0.0
Glfusion Glfusion 1.0.1
Glfusion Glfusion 1.1.1
Glfusion Glfusion
Glfusion Glfusion 1.1.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »