Shirasagi Security Vulnerabilities


CVE-2019-6009

Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS: 6.1, AI Score: 6.2, EPSS: 0.002

2019-09-12 05:15 PM

CVE-2020-5607

Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS: 6.1, AI Score: 6.2, EPSS: 0.002

2020-07-10 02:15 AM

CVE-2022-29485

Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.

CVSS: 6.1, AI Score: 6, EPSS: 0.001

2022-06-14 09:15 AM

CVE-2022-43479

Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack.

CVSS: 6.1, AI Score: 6.2, EPSS: 0.002

2022-12-05 04:15 AM

CVE-2022-43499

Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.

CVSS: 5.4, AI Score: 5.1, EPSS: 0.001

2022-12-05 04:15 AM

CVE-2023-22425

Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.

CVSS: 5.4, AI Score: 5, EPSS: 0.001

2023-02-24 06:15 AM

CVE-2023-22427

Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script.

CVSS: 4.8, AI Score: 4.9, EPSS: 0.002

2023-02-24 06:15 AM

CVE-2023-36492

Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

CVSS: 6.1, AI Score: 6.1, EPSS: 0.001

2023-09-05 10:15 AM

CVE-2023-38569

Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

CVSS: 5.4, AI Score: 5.1, EPSS: 0.0005

2023-09-05 10:15 AM

CVE-2023-39448

Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution.

CVSS: 8.8, AI Score: 8.6, EPSS: 0.001

2023-09-05 09:15 AM

CVE-2023-41889

SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface a...

CVSS: 5.3, AI Score: 5.3, EPSS: 0.001

2023-09-15 09:15 PM