Lucene search
K
KodcloudKodexplorer

10 matches found

CVE
CVE
added 2023/12/19 12:0 a.m.103 views

CVE-2023-49489

Affected software: KodExplorer 4.51. Vulnerability: Reflective Cross-Site Scripting (XSS) via the APP_HOST parameter in config/i18n/en/main.php. Attackers can obtain sensitive information and escalate privileges according to the Nuclei/Nuclei templates entry; no exploitation details beyond that a...

6.1CVSS6AI score0.00726EPSS
Web
CVE
CVE
added 2023/12/16 11:31 a.m.90 views

CVE-2023-6852

CVE-2023-6852 affects kalcaddle KodExplorer up to 4.51.03, via an issue in the file plugins/webodf/app.php that enables server-side request forgery (SSRF) . The vulnerability allows remote exploitation; the exploit has been disclosed publicly. A patch is available: upgrade to 4.52.01 . The provid...

9.8CVSS8.2AI score0.00762EPSS
CVE
CVE
added 2023/12/16 12:0 p.m.82 views

CVE-2023-6853

CVE-2023-6853 affects kalcaddle KodExplorer up to version 4.51.03. The vulnerability lies in the function index of the file plugins/officeLive/app.php, where manipulation of the path argument enables server-side request forgery (SSRF). The flaw can be exploited remotely and the exploit has been d...

9.8CVSS8.2AI score0.00701EPSS
Web
CVE
CVE
added 2023/09/06 12:0 a.m.78 views

CVE-2021-36646

CVE-2021-36646 – KodExplorer 4.45 : Several connected sources confirm a cross-site scripting (XSS) issue. The nuclei template specifies a reflected XSS in the file view functionality, specifically in app/template/api/view.html where the path parameter is echoed unsafely, enabling attacker-supplie...

6.1CVSS6.2AI score0.00705EPSS
CVE
CVE
added 2022/12/06 6:8 p.m.68 views

CVE-2022-46154

CVE-2022-46154 affects KodExplorer (prior to v4.50). The issue lets unauthenticated users request arbitrary files from the host OS file system due to inadequate access control/path traversal. Impact: access to any files available to the host process. The vulnerability is addressed in version 4.50...

8.6CVSS8AI score0.0082EPSS
CVE
CVE
added 2023/04/22 6:0 p.m.65 views

CVE-2022-4944

KodExplorer (kalcaddle) up to version 4.49 contains a cross-site request forgery (CSRF) vulnerability. The issue affects an unknown part of the software and can be triggered remotely; exploits have been publicly disclosed. Upgrading to version 4.50 addresses the issue. Multiple connected sources ...

8.8CVSS6.4AI score0.02666EPSS
CVE
CVE
added 2023/12/16 8:31 a.m.62 views

CVE-2023-6850

CVE-2023-6850 affects kalcaddle KodExplorer up to version 4.51.03. The vulnerability resides in the API Endpoint Handler (file: /index.php?pluginApp/to/yzOffice/getFile) where manipulation of the path/file argument enables unrestricted upload. Exploitation can be performed remotely, and the vulne...

9.8CVSS8.2AI score0.00841EPSS
Web
CVE
CVE
added 2023/12/16 11:0 a.m.58 views

CVE-2023-6851

The CVE-2023-6851 vulnerability affects kalcaddle KodExplorer up to version 4.51.03, specifically the ZIP Archive Handler's function unzipList in plugins/zipView/app.php. The issue enables code injection, with remote exploitation and publicly disclosed exploit details. Mitigation: upgrade to vers...

9.8CVSS8.5AI score0.0091EPSS
CVE
CVE
added 2023/07/10 12:0 a.m.43 views

CVE-2023-37153

CVE-2023-37153 : KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability in the Description field of the Light App creation feature. An attacker can inject XSS syntax into the Description, causing script execution when the field is rendered. The available connected documents confirm ...

6.1CVSS5.8AI score0.00614EPSS
CVE
CVE
added 2025/12/11 9:43 p.m.9 views

CVE-2025-34504

CVE-2025-34504 affects KodExplorer 4.52. The vulnerability is an open redirect on the user login page where the attacker-controlled link parameter can redirect authenticated users to arbitrary external sites. Root cause: improper validation of the login URL’s link parameter. Impact: potential cre...

6.1CVSS6.5AI score0.00278EPSS