Vulmon
osm vulnerabilities and exploits
8.8
CVSSv3
CVE-2022-30544
Cross-Site Request Forgery (CSRF) in MiKa's OSM – OpenStreetMap plugin <= 6.0.1 versions.
Hyumika Openstreetmap
8.2
CVSSv3
CVE-2024-22519
An issue discovered in OpenDroneID OSM 3.5.1 allows malicious users to impersonate other drones via transmission of crafted data packets.
Sorenfriis Opendroneid Osm 3.5.1
1 Github repository
7.6
CVSSv3
CVE-2020-7749
This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for a malicious user to inject arbitrary HTML/JS code and depending on the context. It will be outputted...
Osm-static-maps Project Osm-static-maps
6.1
CVSSv3
CVE-2018-25064
A vulnerability was found in OSM Lab show-me-the-way. It has been rated as problematic. This issue affects some unknown processing of the file js/site.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The patch is named 4bed3b34dcc01fe6661f...
Show-me-the-way Project Show-me-the-way
6.1
CVSSv3
CVE-2019-17504
An issue exists in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote malicious users to inject arbitrary web script via the /osm/report/ password parameter.
Kirona Dynamic Resource Scheduling 5.5.3.5
1 EDB exploit
5.4
CVSSv3
CVE-2022-4676
The OSM WordPress plugin up to and including 6.01 does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
Openstreetmap Openstreetmap
5.3
CVSSv3
CVE-2019-17503
An issue exists in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes...
Kirona Dynamic Resource Scheduling 5.5.3.5
1 EDB exploit
NA
CVE-2022-35503
Improper verification of user input in Open Source MANO v7-v12 allows an authenticated malicious user to execute arbitrary code within the LCM module container via a Virtual Network Function (VNF) descriptor. An attacker may be able to execute code to change the normal execution o...
NA
CVE-2012-1647
Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x prior to 6.x-1.5 and 7.x-1.x prior to 7.x-1.5 for Drupal, allow remote malicious users to inject arbitrary web script or...
Mediafront Mediafront 6.x-1.0-beta3
Mediafront Mediafront 6.x-1.0
Mediafront Mediafront 6.x-1.1
Mediafront Mediafront 6.x-1.2
Mediafront Mediafront 6.x-1.x
Mediafront Mediafront 6.x-1.3
NA
CVE-2006-4666
Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote malicious users to execute arbitrary PHP code via a URL in the (1) ide parameter in (a) article.php; or the (2) pwfile parameter in (b) delete.php, (c) modify.php, (d...
Stefan Ernst Newsscript 0.5
2 EDB exploits