Every CVE whose affected-product data names Jetbox Jetbox Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2006-3583 — CVSS 7.5 (high): Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the…
CVE-2006-4737 — CVSS 7.5 (high): SQL injection vulnerability in index.php in Jetbox CMS allows remote attackers to inject arbitrary web script or HTML via the item…
CVE-2006-4738 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in…
CVE-2006-2270 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in includes/config.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary code via a…
CVE-2007-2685 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1)…
CVE-2006-3584 — CVSS 7.5 (high): Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables…
CVE-2006-3586 — CVSS 7.5 (high): SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE…
CVE-2006-4422 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in includes/phpdig/libs/search_function.php in Jetbox CMS 2.1 allows remote attackers to execute…
CVE-2007-2732 — CVSS 6.8 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1)…
CVE-2008-4651 — CVSS 6.0 (medium): Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1)…
CVE-2007-2733 — CVSS 6.0 (medium): Unrestricted file upload vulnerability in Jetbox CMS allows remote authenticated users with author privileges to upload arbitrary scripts…
CVE-2007-1898 — CVSS 5.8 (medium): formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_host…
CVE-2006-4740 — CVSS 5.0 (medium): Jetbox CMS allows remote attackers to obtain sensitive information via a direct request for certain files, which reveal the path in an…
CVE-2007-2684 — CVSS 5.0 (medium): Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php…
CVE-2007-2686 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2006-3585 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via…
CVE-2008-6174 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in admin/postlister/index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web…
CVE-2007-2731 — CVSS 4.0 (medium): CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF (%0A)…
CVE-2006-4739 — CVSS 2.6 (low): Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML, as…