Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paperthin commonspot content server vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2014-2860
Multiple cross-site scripting (XSS) vulnerabilities in PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3 allow remote malicious users to inject arbitrary web script or HTML via a crafted HTTP request to a (1) ColdFusion or (2) JavaScript component.
Paperthin Commonspot Content Server 8.0.2
Paperthin Commonspot Content Server 8.0.0
Paperthin Commonspot Content Server
Paperthin Commonspot Content Server 8.0.1
10
CVSSv2
CVE-2014-2863
Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3 allow remote malicious users to have an unspecified impact via a full pathname in a parameter.
Paperthin Commonspot Content Server
Paperthin Commonspot Content Server 8.0.2
Paperthin Commonspot Content Server 8.0.1
Paperthin Commonspot Content Server 8.0.0
10
CVSSv2
CVE-2014-2866
PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3 relies on client JavaScript code for access restrictions, which allows remote malicious users to perform unspecified operations by modifying this code.
Paperthin Commonspot Content Server
Paperthin Commonspot Content Server 8.0.2
Paperthin Commonspot Content Server 8.0.1
Paperthin Commonspot Content Server 8.0.0
7.5
CVSSv2
CVE-2014-2868
PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3 allows remote malicious users to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable.
Paperthin Commonspot Content Server
Paperthin Commonspot Content Server 8.0.2
Paperthin Commonspot Content Server 8.0.1
Paperthin Commonspot Content Server 8.0.0
5
CVSSv2
CVE-2014-2870
The default configuration of PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3 uses cleartext for storage of credentials in a database, which makes it easier for context-dependent malicious users to obtain sensitive information via unspecified vectors.
Paperthin Commonspot Content Server 8.0.0
Paperthin Commonspot Content Server
Paperthin Commonspot Content Server 8.0.2
Paperthin Commonspot Content Server 8.0.1
5
CVSSv2
CVE-2014-2872
PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3 allows remote malicious users to obtain potentially sensitive information from a directory listing via unspecified vectors.
Paperthin Commonspot Content Server
Paperthin Commonspot Content Server 8.0.1
Paperthin Commonspot Content Server 8.0.2
Paperthin Commonspot Content Server 8.0.0
10
CVSSv2
CVE-2014-2874
PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3 allows remote malicious users to execute arbitrary code via shell metacharacters in an unspecified context.
Paperthin Commonspot Content Server 8.0.2
Paperthin Commonspot Content Server 8.0.1
Paperthin Commonspot Content Server 8.0.0
Paperthin Commonspot Content Server
4.3
CVSSv2
CVE-2014-2861
Incomplete blacklist vulnerability in PaperThin CommonSpot prior to 7.0.2 and 8.x prior to 8.0.3 allows remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted string, as demonstrated by bypassing a protection mechanism that removes only the "alert...
Paperthin Commonspot Content Server
Paperthin Commonspot Content Server 8.0.2
Paperthin Commonspot Content Server 8.0.1
Paperthin Commonspot Content Server 8.0.0
4.3
CVSSv2
CVE-2010-0468
Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in PaperThin CommonSpot Content Server allows remote malicious users to inject arbitrary web script or HTML via the url parameter.
Paperthin Commonspot Content Server -
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2