Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kallithea vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2015-1864
Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea prior to 0.2.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5...
Kallithea-scm Kallithea 0.2
Kallithea-scm Kallithea 0.1
6.5
CVSSv3
CVE-2016-3114
Kallithea prior to 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access.
Kallithea Kallithea 0.3.1
NA
CVE-2015-5285
CRLF injection vulnerability in Kallithea prior to 0.3 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.
Kallithea-scm Kallithea
1 EDB exploit
8.8
CVSSv3
CVE-2016-3691
Routes in Kallithea prior to 0.3.2 allows remote malicious users to bypass the CSRF protection by using the GET HTTP request method.
Kallithea-scm Kallithea
8.8
CVSSv3
CVE-2015-0276
Cross-site request forgery (CSRF) vulnerability in Kallithea prior to 0.2.
Kallithea-scm Kallithea
NA
CVE-2015-0260
RhodeCode prior to 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.
Rhodecode Rhodecode Enterprise
Kallithea-scm Kallithea 0.1
NA
CVE-2015-528521
Kallithea suffers from a HTTP header injection (response splitting) vulnerability because it fails to properly sanitize user input before using it as an HTTP header value via the GET 'came_from' parameter in the login instance. This type of attack not only allows a mali...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-24955
man-in-the-middle
dos
CVE-2024-2818
CVE-2024-30584
CVE-2024-31134
camera
CVE-2023-45866
CVE-2024-30585
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started