commons vulnerabilities and exploits
9.9
CVSSv3
CVE-2023-26055
XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerability can also be exploited in ...
Xwiki Commons 3.1
Xwiki Commons 3.1.1
Xwiki Commons
Xwiki Commons 14.4
7.5
CVSSv3
CVE-2017-9801
When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 up to and including 1.4, the caller can add arbitrary SMTP headers.
Apache Commons Email 1.3.3
Apache Commons Email 1.2
Apache Commons Email 1.4
Apache Commons Email 1.3.2
Apache Commons Email 1.0
Apache Commons Email 1.3.1
Apache Commons Email 1.3
Apache Commons Email 1.1
NA
CVE-2013-0248
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 up to and including 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
Apache Commons Fileupload 1.0
Apache Commons Fileupload 1.1
Apache Commons Fileupload 1.1.1
Apache Commons Fileupload 1.2
Apache Commons Fileupload 1.2.1
Apache Commons Fileupload 1.2.2
2 Github repositories
5.4
CVSSv3
CVE-2023-36471
XWiki Commons is the set of common modules used by other XWiki top level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can b...
Xwiki Commons
Xwiki Commons 15.0
Xwiki Commons 15.1
NA
CVE-2014-8747
Cross-site scripting (XSS) vulnerability in the Drupal Commons module 7.x-3.x prior to 7.x-3.9 for Drupal allows remote malicious users to inject arbitrary web script or HTML via vectors related to content creation and activity stream messages.
Drupal Commons 7.x-3.4
Drupal Commons 7.x-3.8
Drupal Commons 7.x-3.7
Drupal Commons 7.x-3.3
Drupal Commons 7.x-3.6
Drupal Commons 7.x-3.5
NA
CVE-2012-4483
The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x prior to 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote m...
Acquia Commons 6.x-2.6
Acquia Commons 6.x-2.5
Acquia Commons 6.x-2.x
Acquia Commons 6.x-2.4
Acquia Commons 6.x-2.7
9
CVSSv3
CVE-2023-29528
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code an...
Xwiki Commons 4.2
Xwiki Commons
NA
CVE-2013-1907
The Commons Group module prior to 7.x-3.1 for Drupal, as used in the Commons module prior to 7.x-3.1, does not properly restrict access to groups, which allows remote malicious users to post arbitrary content to groups via unspecified vectors.
Acquia Commons Group
Acquia Commons
Acquia Commons Group 7.x-3.x
Acquia Commons 7.x-3.x
NA
CVE-2014-3604
Certificates.java in Not Yet Commons SSL prior to 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbit...
Not Yet Commons Ssl Project Not Yet Commons Ssl
4.9
CVSSv3
CVE-2022-24898
org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessible to the user running XWiki application server with...
Xwiki Commons