Indexhibit

indexhibit

Vendor: Indexhibit • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-18127 1Indexhibit 1Indexhibit Nov 21, 2024 Aug 30, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily view files.
CVE-2020-18126 1Indexhibit 1Indexhibit Nov 21, 2024 Aug 30, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Multiple stored cross-site scripting (XSS) vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML.
CVE-2020-18125 1Indexhibit 1Indexhibit Nov 21, 2024 Aug 30, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A reflected cross-site scripting (XSS) vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML.
CVE-2020-18124 1Indexhibit 1Indexhibit Nov 21, 2024 Aug 30, 2021 N/A· v4 5.7 MEDIUM· v3 4.0 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords.
CVE-2020-18123 1Indexhibit 1Indexhibit Nov 21, 2024 Aug 30, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts.
CVE-2020-18121 1Indexhibit 1Indexhibit Nov 21, 2024 Aug 30, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell.
CVE-2019-16314 1Indexhibit 1Indexhibit Nov 21, 2024 Sep 14, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2.
CVE-2019-8954 1Indexhibit 1Indexhibit Nov 21, 2024 Feb 20, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter (in conjunction with the id parameter) in a upd_jxcode=true action to the ndxzstudio/?a=system URI.