CVE Tools

glfusion

Web & CMS Pluginsoss-project

10

Cumulative CVEs

4

Monthly snapshots

#49

Peak rank

Top products

Latest CVEs

The 11 most recently published vulnerabilities affecting glfusion.

CVE-2021-45843glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (XSS) vulnerability. The value of the title request parameter is copied into the value of an HTML tag attribute which is encapsul...6.1Dec 27, 2021
CVE-2021-44942glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. Using the CSRF vulnerability to trick the administrato...4.3Dec 14, 2021
CVE-2021-44949glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php.9.8Dec 14, 2021
CVE-2021-44937glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. An attacker can register with the mailbox of any user. When users want to register, they w...5.3Dec 14, 2021
CVE-2021-44935glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. The attacker can complete the attack remotely without interaction.9.1Dec 14, 2021
CVE-2013-1466Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) add...4.3Feb 5, 2014
CVE-2009-4796Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL c...7.5Apr 22, 2010
CVE-2009-1283glFusion before 1.1.3 performs authentication with a user-provided password hash instead of a password, which allows remote attackers to gain privileges by obtaining the hash and using it in the gl...6.8Apr 9, 2009
CVE-2009-1282SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter.7.5Apr 9, 2009
CVE-2009-1281Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.4.3Apr 9, 2009
CVE-2009-0455Cross-site scripting (XSS) vulnerability in the anonymous comments feature in lib-comment.php in glFusion 1.1.0, 1.1.1, and earlier versions allows remote attackers to inject arbitrary web script o...2.6Feb 11, 2009