Lucene search

Statusnet Security Vulnerabilities - February

cve

CVE-2010-4658

statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks.

5.3CVSS

5.4AI Score

0.001EPSS

2020-02-07 04:15 PM

cve

CVE-2010-4659

Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents.

6.1CVSS

6.1AI Score

0.001EPSS

2019-11-20 05:15 PM

cve

CVE-2010-4660

Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes..

9.8CVSS

9.5AI Score

0.002EPSS

2019-11-20 04:15 PM

cve

CVE-2011-3370

statusnet before 0.9.9 has XSS

6.1CVSS

6AI Score

0.001EPSS

2019-11-12 02:15 PM

cve

CVE-2011-3802

StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files.

6.3AI Score

0.003EPSS

2011-09-24 12:55 AM

cve

CVE-2013-4137

Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and "a particular tag format."

8.7AI Score

0.001EPSS

2013-10-11 10:55 PM