Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openwebif project openwebif vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2021-38113
In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) up to and including 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS.
Openwebif Project Openwebif
5
CVSSv2
CVE-2018-20332
An issue has been discovered in the OpenWebif plugin up to and including 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=do...
Openwebif Project Openwebif
10
CVSSv2
CVE-2017-9807
An issue exists in the OpenWebif plugin up to and including 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remo...
Openwebif Project Openwebif
6.8
CVSSv2
CVE-2017-9333
OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted u...
Openwebif Project Openwebif 1.2.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started