Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
saxon vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-2861
Multiple PHP remote file inclusion vulnerabilities in Simple Accessible XHTML Online News (SAXON) 4.6 allow remote malicious users to execute arbitrary PHP code via a URL in the template parameter to (1) news.php, (2) preview.php, or (3) archive-display.php.
Saxon Saxon 4.6
NA
CVE-2007-4861
SAXON 5.4, with display_errors enabled, allows remote malicious users to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3...
Quirm Saxon 5.4
NA
CVE-2007-4862
Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON 5.4 allows remote malicious users to inject arbitrary web script or HTML via the config[news_url] parameter.
Quirm Saxon 5.4
1 EDB exploit
NA
CVE-2007-4863
SQL injection vulnerability in example.php in SAXON 5.4 allows remote malicious users to execute arbitrary SQL commands via the template parameter.
Quirm Saxon 5.4
1 EDB exploit
NA
CVE-2015-0931
Ektron Content Management System (CMS) 8.5 and 8.7 prior to 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote malicious users to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue.
Ektron Ektron Content Management System 8.5.0
Ektron Ektron Content Management System 8.7.0
Ektron Ektron Content Management System 8.9.0
NA
CVE-2005-3757
The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote malicious users to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, su...
Google Mini Search Appliance
Google Search Appliance
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started