46 matches found
Erxes <0.23.0 - Cross-Site Scripting
Erxes before 0.23.0 contains a cross-site scripting vulnerability. The value of topicID parameter is not escaped and is triggered in the enclosing script tag. id: CVE-2021-32853 info: name: Erxes 0.23.0 - Cross-Site Scripting author: dwisiswant0 severity: critical description: Erxes before 0.23.0...
EUVD-2024-54663
Malicious code in bioql PyPI...
EUVD-2025-17795
Malicious code in bioql PyPI...
EUVD-2025-17800
Malicious code in bioql PyPI...
CVE-2024-57189
In Erxes 1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler...
CVE-2024-57190
Erxes 1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint...
CVE-2024-57186
In Erxes 1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler...
Path Traversal
Erxes is vulnerable to a Path Traversal. The vulnerability is due to improper validation in the /read-file endpoint handler, allowing an unauthenticated attacker to read arbitrary files from the system...
Erxes Incorrect Access Control vulnerability
Erxes 1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint...
Erxes Path Traversal vulnerability
In Erxes 1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler...
Erxes Path Traversal vulnerability
In Erxes 1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler...
GHSA-2977-5PHP-6789 Erxes Path Traversal vulnerability
In Erxes 1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler...
GHSA-RQ9R-QVWG-829Q Erxes Path Traversal vulnerability
In Erxes 1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler...
GHSA-7RHV-XM4Q-WH42 Erxes Incorrect Access Control vulnerability
Erxes 1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint...
CVE-2024-57190
Erxes 1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint...
CVE-2024-57189
In Erxes 1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler...
CVE-2024-57186
In Erxes 1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler...
CVE-2024-57189
In Erxes 1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler...
PT-2025-24712 · Erxes · Erxes
Name of the Vulnerable Software and Affected Versions: Erxes versions prior to 1.6.2 Description: The issue allows an authenticated attacker to write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler. Recommendations: For...
erxes 安全漏洞
erxes is an open source Hubspot/Qualtrics alternative to erxes open source. Enabling SaaS providers and digital marketing agencies/developers to create unique experiences for their entire business. A security vulnerability exists in erxes versions prior to 1.6.2 that stems from a path traversal...