MidnightBSD

Advisories for jupiter_cms

CVE-2006-1223 MEDIUM

Cross-site scripting (XSS) vulnerability in Jupiter Content Manager 1.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in the image BBcode tag.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
jupiter_cms jupiter_cms 1.1.4
jupiter_cms jupiter_cms *
CVE-2006-1679 MEDIUM

Cross-site scripting (XSS) vulnerability in modules/online.php in Jupiter CMS 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the layout parameter to index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
jupiter_cms jupiter_cms 1.1.5
CVE-2006-1680 LOW

Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
jupiter_cms jupiter_cms 1.1.5
CVE-2006-2105 MEDIUM

Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 and 1.1.5 allows remote attackers to read arbitrary files via ".." sequences terminated by a %00 (null) character in the n parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
jupiter_cms jupiter_cms 1.1.4
jupiter_cms jupiter_cms 1.1.5
CVE-2006-4428 HIGH

PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
jupiter_cms jupiter_cms 1.1.5