← Back

Xavier

xavier

Vendor: Angry Frog • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-14228
1Angry Frog
1Xavier
Jun 17, 2026
Jul 26, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. If there is an error when registering the user, the uns...Show more
Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. If there is an error when registering the user, the unsanitized username will reflect via the error page. Due to the lack of CSRF protection on the admin/includes/adminprocess.php endpoint, an attacker is able to chain the XSS with CSRF in order to cause remote exploitation.Show less
CVE-2017-15949
1Angry Frog
1Xavier
May 13, 2026
Oct 28, 2017
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php.