Xavier PHP Management Panel 3.0 is vulnerable to reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. If an error occurs while registering the user, the unsanitized username is reflected in the error page. Because the admin/includes/adminprocess.php endpoint lacks CSRF protection, an attacker can chain the XSS with CSRF to achieve remote exploitation.
Max CVSS: 6.1; EPSS Score: 0.07%; Published: 2019-07-26; Updated: 2020-08-24
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php.
Max CVSS: 7.2; EPSS Score: 0.07%; Published: 2017-10-28; Updated: 2017-11-14
2 vulnerabilities found