Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
squiz matrix vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2019-19374
An issue exists in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 before 5.5.0.3, 5.5.1 before 5.5.1.8, 5.5.2 before 5.5.2.4, and 5.5.3 before 5.5.3.3 where a user can delete arbitrary files from th...
Squiz Matrix
605
VMScore
CVE-2006-5036
MySource Matrix 3.8 and previous versions, and MySource 2.x, allow remote malicious users to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks...
Squiz Mysource Classic
Squiz Mysource Matrix
605
VMScore
CVE-2006-5037
MySource Matrix after 3.8 allows remote malicious users to use the application as an HTTP proxy server via a MIME encoded URL in the sq_content_src parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the rese...
Squiz Mysource Matrix 3.8.6a
Squiz Mysource Matrix 3.8.2
Squiz Mysource Matrix 3.8.3
Squiz Mysource Matrix 3.10.1
Squiz Mysource Matrix 3.8.4
Squiz Mysource Matrix 3.8
Squiz Mysource Matrix 3.10
Squiz Mysource Matrix 3.8.5
578
VMScore
CVE-2017-14198
An issue exists in Squiz Matrix prior to 5.3.6.1 and 5.4.x prior to 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag.
Squiz Matrix 5.4.1.2
Squiz Matrix 5.4.1.1
Squiz Matrix 5.4.0.3
Squiz Matrix 5.4.0.1
Squiz Matrix 5.4.0.0
Squiz Matrix
Squiz Matrix 5.4.1.0
Squiz Matrix 5.4.0.2
445
VMScore
CVE-2019-19373
An issue exists in Squiz Matrix CMS 5.5.0 before 5.5.0.3, 5.5.1 before 5.5.1.8, 5.5.2 before 5.5.2.4, and 5.5.3 before 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST pa...
Squiz Matrix
445
VMScore
CVE-2017-14196
An issue exists in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed.
Squiz Matrix
Squiz Matrix 5.4.1.3
435
VMScore
CVE-2010-4901
Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in MySource Matrix 3.28.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) height or (2) width parameter.
Squiz Mysource Matrix 3.28.3
1 EDB exploit
383
VMScore
CVE-2017-14197
An issue exists in Squiz Matrix prior to 5.3.6.1 and 5.4.x prior to 5.4.1.3. There are multiple reflected Cross-Site Scripting (XSS) issues in Matrix WYSIWYG plugins.
Squiz Matrix 5.4.0.0
Squiz Matrix
Squiz Matrix 5.4.0.3
Squiz Matrix 5.4.0.1
Squiz Matrix 5.4.1.2
Squiz Matrix 5.4.1.1
Squiz Matrix 5.4.1.0
Squiz Matrix 5.4.0.2
NA
CVE-2022-32277
Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is ...
Squiz Matrix 6.20
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started