Filtered by vendor Ss-proj
Subscriptions
Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41889 | 1 Ss-proj | 1 Shirasagi | 2023-09-20 | 5.3 Medium |
| SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface after the normalization. The fix is initially performing the Unicode normalization and then strip for all whitespaces and then checking for a blank string. This issue has been fixed in version 1.18.0. | ||||
| CVE-2023-39448 | 1 Ss-proj | 1 Shirasagi | 2023-09-08 | 8.8 High |
| Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution. | ||||
| CVE-2023-36492 | 1 Ss-proj | 1 Shirasagi | 2023-09-08 | 6.1 Medium |
| Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | ||||
| CVE-2023-38569 | 1 Ss-proj | 1 Shirasagi | 2023-09-08 | 5.4 Medium |
| Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | ||||
| CVE-2023-22427 | 1 Ss-proj | 1 Shirasagi | 2023-03-02 | 4.8 Medium |
| Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script. | ||||
| CVE-2023-22425 | 1 Ss-proj | 1 Shirasagi | 2023-03-02 | 5.4 Medium |
| Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. | ||||
| CVE-2022-43479 | 1 Ss-proj | 1 Shirasagi | 2022-12-06 | 6.1 Medium |
| Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack. | ||||
| CVE-2022-43499 | 1 Ss-proj | 1 Shirasagi | 2022-12-06 | 5.4 Medium |
| Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | ||||
| CVE-2022-29485 | 1 Ss-proj | 1 Shirasagi | 2022-06-23 | 6.1 Medium |
| Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. | ||||
| CVE-2020-5607 | 1 Ss-proj | 1 Shirasagi | 2020-07-15 | 6.1 Medium |
| Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2019-6009 | 1 Ss-proj | 1 Shirasagi | 2019-09-13 | 6.1 Medium |
| Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
Page 1 of 1.