Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magpierss vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2021-28941
Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's possible to request any internal page if you use a https request.
Magpierss Project Magpierss 0.72
9.8
CVSSv3
CVE-2021-28940
Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific ...
Magpierss Project Magpierss 0.72
NA
CVE-2005-3955
Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote malicious users to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_ur...
Blogbuddies Blogbuddies 0.3
Jaws Jaws 0.6.2
Magpierss Magpierss 7.1
2 EDB exploits
NA
CVE-2006-4735
Kellan Elliott-McCrea MagpieRSS allows remote malicious users to obtain sensitive information via a direct request for (1) rss_fetch.inc.php or (2) rss_parse.inc.php, which reveals the path in various error messages.
Kellan Elliott-mccrea Magpierss
NA
CVE-2011-0740
Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the rss_url parameter.
Pleer Rss Feed Reader 0.1
1 EDB exploit
NA
CVE-2005-3330
The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote malicious users to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not proper...
Snoopy Snoopy 1.2
1 EDB exploit
NA
CVE-2007-2337
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, t...
Oicgroup Exponent Cms 0.94
Oicgroup Exponent Cms
Oicgroup Exponent Cms 0.96.5
Oicgroup Exponent Cms 0.96.4
Oicgroup Exponent Cms 0.96.3
Oicgroup Exponent Cms 0.96.1
Oicgroup Exponent Cms 0.95
2 EDB exploits
6.1
CVSSv3
CVE-2018-20171
An issue exists in Nagios XI prior to 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not filtered, resulting in an XSS vulnerability.
Nagios Nagios Xi
6.1
CVSSv3
CVE-2018-20172
An issue exists in Nagios XI prior to 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is not filtered, resulting in an XSS vulnerability.
Nagios Nagios Xi
NA
CVE-2010-2852
Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote malicious users to inject arbitrary web script or HTML via the url parameter.
Runcms Runcms 2.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »