Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Nuxeo Security Vulnerabilities

cve
cve

CVE-2021-32828

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by levering the automation...

6.1CVSS

6.2AI Score

0.001EPSS

2023-01-05 11:15 PM
28
cve
cve

CVE-2013-4521

RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap...

9.8CVSS

9.5AI Score

0.1EPSS

2020-02-06 04:15 PM
26
cve
cve

CVE-2017-5869

Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name...

8.8CVSS

8.5AI Score

0.059EPSS

2017-03-24 02:59 PM
45