Falcon : Security Vulnerabilities, CVEs, CVSS score >= 5
Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors.
Max CVSS
7.5
EPSS Score
0.67%
Published
2007-12-20
Updated
2017-09-29
Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php.
Max CVSS
6.8
EPSS Score
1.15%
Published
2007-12-20
Updated
2017-09-29
Falcon web server allows remote attackers to determine the absolute path of the web root via long file names.
Max CVSS
5.0
EPSS Score
0.47%
Published
1999-10-28
Updated
2022-08-17
3 vulnerabilities found