CVE-2014-9146

Fiyo CMS 2.0.1.8 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/36581

View Code ZIP pw:eip

References (1)

[Exploit] http://packetstormsecurity.com/files/131165/FiyoCMS-2.0.1.8-XSS-SQL-Injection-URL-Bypass.html

Scores

EPSS 0.0043

EPSS Percentile 62.9%

Details

CWE

CWE-79

Status published

Products (1)

fiyo/fiyo_cms 2.0.1.8

Published Apr 14, 2015

Tracked Since Feb 18, 2026