Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ss-proj shirasagi vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-29485
Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote malicious user to inject an arbitrary script via unspecified vectors.
Ss-proj Shirasagi 1.15.0
Ss-proj Shirasagi
6.1
CVSSv3
CVE-2019-6009
Open redirect vulnerability in SHIRASAGI v1.7.0 and previous versions allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Ss-proj Shirasagi
5.4
CVSSv3
CVE-2023-22425
Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and previous versions versions allows a remote authenticated malicious user to inject an arbitrary script.
Ss-proj Shirasagi
8.8
CVSSv3
CVE-2023-39448
Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated malicious user to alter or create arbitrary files on the server, resulting in arbitrary code execution.
Ss-proj Shirasagi
5.4
CVSSv3
CVE-2023-38569
Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated malicious user to execute an arbitrary script on the web browser of the user who is logging in to the product.
Ss-proj Shirasagi
4.8
CVSSv3
CVE-2023-22427
Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and previous versions versions allows a remote attacker with an administrative privilege to inject an arbitrary script.
Ss-proj Shirasagi
5.3
CVSSv3
CVE-2023-41889
SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a characte...
Ss-proj Shirasagi
6.1
CVSSv3
CVE-2022-43479
Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated malicious user to redirect users to an arbitrary web site and conduct a phishing attack.
Ss-proj Shirasagi
5.4
CVSSv3
CVE-2022-43499
Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
Ss-proj Shirasagi
6.1
CVSSv3
CVE-2023-36492
Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated malicious user to execute an arbitrary script on the web browser of the user who is logging in to the product.
Ss-proj Shirasagi
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »