cbcvebase.

Interworx Web Control Panel vulnerabilities

4 known vulnerabilities affecting interworx/web_control_panel.

Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2014-2531P3MEDIUMCVSS 6.5PoC≤ 5.0.132014-10-21
CVE-2014-2531 [MEDIUM] CWE-89 CVE-2014-2531: SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) Resellers interface, as demonstrated by the "or" key in
nvd
CVE-2014-2035P4MEDIUMCVSS 4.3≤ 5.0.13v5.0+3 more2014-02-27
CVE-2014-2035 [MEDIUM] CWE-79 CVE-2014-2035: Cross-site scripting (XSS) vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Ho Cross-site scripting (XSS) vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.13 build 574 allows remote attackers to inject arbitrary web script or HTML via the i parameter.
nvd
CVE-2007-4589P4MEDIUMCVSS 4.3v3.0.22007-08-29
CVE-2007-4589 [MEDIUM] CWE-79 CVE-2007-4589: Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) siteworx.php, (3) us
nvd
CVE-2007-4588P4MEDIUMCVSS 4.3v3.0.22007-08-29
CVE-2007-4588 [MEDIUM] CWE-79 CVE-2007-4588: Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3)
nvd
Interworx Web Control Panel vulnerabilities | cvebase