Lucene search
K
ExceedoneExment

7 matches found

CVE
CVE
added 2022/08/24 8:40 a.m.85 views

CVE-2022-37333

CVE-2022-37333 is a SQL injection vulnerability in Exment and related laravel-admin components. The issue affects PHP8: exceedone/exment e5.0.2 and earlier and exceedone/laravel-admin e3.0.0 and earlier; PHP7: exceedone/exment e4.4.2 and earlier and exceedone/laravel-admin e2.2.2 and earlier. The...

8.8CVSS8.7AI score0.0119EPSS
CVE
CVE
added 2022/08/24 8:41 a.m.82 views

CVE-2022-38080

The CVE-2022-38080 issue is a reflected cross-site scripting vulnerability in Exment and related Exment/laravel-admin components. Affected versions include Exment v5.0.2 and earlier (PHP8) and v4.4.2 and earlier (PHP7), plus corresponding laravel-admin builds (v3.0.0 and earlier; v2.2.2 and earli...

5.4CVSS5.2AI score0.00756EPSS
CVE
CVE
added 2022/08/24 8:41 a.m.81 views

CVE-2022-38089

CVE-2022-38089 describes a stored cross-site scripting (XSS) vulnerability in Exment and the exceedone/laravel-admin integration. The issue affects PHP8: exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier; PHP7: exceedone/exment v4.4.2 and earlier and exceedone/lar...

5.4CVSS5.2AI score0.00756EPSS
CVE
CVE
added 2024/10/18 6:5 a.m.64 views

CVE-2024-47793

CVE-2024-47793 affects Exment v6.1.4 and earlier and v5.0.11 and earlier. The issue is a stored cross-site scripting (XSS) vulnerability that can execute arbitrary script in a user’s browser when accessing the edit screen containing custom columns (column type: images or files). The underlying ro...

5.4CVSS6.2AI score0.00308EPSS
CVE
CVE
added 2024/10/18 6:3 a.m.61 views

CVE-2024-46897

Affected software: Exment (web app). Vulnerability: CVE-2024-46897 is an Incorrect Permission Assignment for a Critical Resource affecting Exment versions 6.1.4 and earlier and 5.0.11 and earlier. A logged-in user with the permission to manage tables may access and/or modify information in unauth...

3.8CVSS6.7AI score0.00356EPSS
CVE
CVE
added 2020/08/25 2:20 a.m.48 views

CVE-2020-5620

Exment prior to v3.6.0 is vulnerable to stored cross-site scripting (via a crafted file or certain inputs). The root cause is improper input sanitization (CWE-79) that allows an arbitrary script to run in a logged-in user’s browser. Affected product: Exment; affected versions: before 3.6.0. Impac...

5.4CVSS5AI score0.00635EPSS
CVE
CVE
added 2020/08/25 2:20 a.m.42 views

CVE-2020-5619

Exment v3.6.0 and earlier is vulnerable to cross-site scripting (stored XSS). The vulnerability arises from inadequate validation of client data, allowing remote authenticated attackers to inject and execute arbitrary script or HTML in a user’s browser when viewing affected pages. Public referenc...

5.4CVSS5AI score0.00664EPSS