Resourcespace@* Security Vulnerabilities and Issues — Resourcespace@* CVE List

Lucene search

MontalaResourcespace*

5 matches found

CVE•added 2015/06/09 2:59 p.m.•126 views

CVE-2015-3648

Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter.

7.5CVSS7.1AI score0.45832EPSS

CVE•added 2022/07/17 8:15 p.m.•54 views

CVE-2022-31260

In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value.

6.5CVSS6.6AI score0.13904EPSS

CVE•added 2021/11/15 4:15 p.m.•52 views

CVE-2021-41951

ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the con...

6.1CVSS5.9AI score0.55022EPSS

CVE•added 2015/09/11 4:59 p.m.•29 views

CVE-2015-6915

SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php.

7.5CVSS8.7AI score0.00319EPSS

CVE•added 2011/11/19 3:58 a.m.•28 views

CVE-2011-4311

ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors.

5CVSS6.9AI score0.00178EPSS