
6 matches found

Packet Storm
added 2026/02/04 12:0 a.m., 153 views

📄 Blesta 5.13.1 2Checkout PHP Object Injection

Blesta versions 3.0.0 through 5.13.1 suffer from a 2Checkout PHP object injection vulnerability. The vulnerabilities exist because user input passed through the invoices POST parameter or the item-ext-ref GET parameter when dispatching the Checkout2::validate or Checkout2::success method is not...

7.5 CVSS, 6.3 AI score, 0.00387 EPSS
Exploits: 1
OSV
added 2026/02/03 8:15 p.m., 2 views

CVE-2026-25615

Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...

7.2 CVSS, 5.8 AI score, 0.00454 EPSS
Exploits: 1, References: 2
CVE
added 2026/02/03 7:21 p.m., 14 views

CVE-2026-25616

Blesta CVE-2026-25616 affects Blesta versions 3.x through 5.x before 5.13.3 due to mishandling of input validation (CORE-5665). Multiple sources (Red Hat, CVE listing, PacketStorm) indicate impacts include input handling defects that enable cross-site scripting in certain endpoints, with the cano...

6.1 CVSS, 5.3 AI score, 0.00383 EPSS
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2026/02/03 7:18 p.m., 4 views

CVE-2026-25615

Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...

7.2 CVSS, 5.3 AI score, 0.00454 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2026/02/03 7:16 p.m., 4 views

CVE-2026-25614

Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680...

7.5 CVSS, 5.3 AI score, 0.00387 EPSS
Exploits: 1, References: 1
CNNVD
added 2024/02/28 12:0 a.m., 4 views

Blesta Security Breach

Blesta is a customer relationship management system from Blesta. A security vulnerability exists in Blesta versions prior to v5.9.2 that stems from a path traversal vulnerability in the /path/to/uploads/ directory. An attacker can exploit this vulnerability to take over a user account and execute...

7.1 CVSS, 7.2 AI score, 0.00305 EPSS
Exploits: 0, References: 2