Lucene search
K

12 matches found

CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

OpenClaw 权限许可和访问控制问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.27 had code-related vulnerabilities. These vulnerabilities stemmed from issues with code execution during the skill installation process. The workarea.env file could override th...

8.8CVSS6.3AI score0.00298EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities stemmed from bypassing plugin trust mechanisms, allowing attackers to circumvent the expected trust levels when...

8.8CVSS5.8AI score0.00386EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-3485

Malware in sbrugna...

10CVSS6.4AI score0.01446EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:52 p.m.6 views

Malicious code in workarea-gift-cards (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
OSV
OSV
added 2024/06/25 1:52 p.m.11 views

MAL-2024-7046 Malicious code in workarea-gift-cards (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References1
OSV
OSV
added 2018/10/10 9:29 p.m.5 views

CVE-2018-12596

Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden normally available exclusively for local...

9.8CVSS5.8AI score0.22379EPSS
Exploits5References4
CVE
CVE
added 2018/10/10 9:0 p.m.81 views

CVE-2018-12596

CVE-2018-12596 affects Episerver/Ektron CMS (notably version 9.20 SP2) where remote attackers can reach the activateuser.aspx page, even when located under /WorkArea/ (normally restricted to local admins). The vulnerability is caused by improper access restrictions, permitting unauthorized enabli...

9.8CVSS9.1AI score0.22379EPSS
Exploits5References4Affected Software1
OSV
OSV
added 2017/07/25 8:29 p.m.4 views

CVE-2016-6133

Cross-site scripting XSS vulnerability in Ektron Content Management System before 9.1.0.184SP39.1.0.184.3.127 allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx...

6.1CVSS5.9AI score0.00757EPSS
Exploits1References1
OSV
OSV
added 2017/07/03 4:29 p.m.1 views

CVE-2016-6201

Cross-site scripting XSS vulnerability in Ektron Content Management System CMS before 9.1.0.184 SP3 9.1.0.184.3.127 allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx...

6.1CVSS5.9AI score0.00888EPSS
Exploits2References1
CNVD
CNVD
added 2015/06/10 12:0 a.m.4 views

Ektron Content Management System Cross-Site Scripting Vulnerability

Ektron Content Management System is an enterprise-level Web content management system. A cross-site scripting vulnerability exists in Test/WorkArea/workarea.aspx in Ektron CMS, which can be exploited by remote attackers to inject malicious script or HTML code, which can be used to obtain sensitiv...

3.5CVSS6AI score0.01497EPSS
Exploits1References1
CVE
CVE
added 2015/02/14 2:0 a.m.57 views

CVE-2015-0923

The CVE-2015-0923 vulnerability affects Ektron CMS versions 8.5, 8.7 before 8.7sp2, and 9.0 before sp1, in ContentBlockEx via Workarea/ServerControlWS.asmx. An XML External Entity (XXE) flaw arises when an XML document is named in the xslt parameter, allowing remote, unauthenticated readers to ac...

5CVSS6.9AI score0.22034EPSS
Exploits3References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2008/06/26 12:0 a.m.66 views

Ektron CMS400.NET WorkArea/ContentRatingGraph.aspx res Parameter SQL Injection

The remote host is running CMS400.NET, a .NET content management solution. The version of CMS400.NET installed on the remote host fails to sanitize user-supplied input to the 'res' parameter of the 'WorkArea/ContentRatingGraph.aspx' script before using it in a database query. An unauthenticated...

7.5CVSS5.5AI score0.01147EPSS
Exploits1References3
Rows per page
Query Builder