Openwebif@* Security Vulnerabilities and Issues — Openwebif@* CVE List

Lucene search

Openwebif ProjectOpenwebif*

3 matches found

CVE•added 2021/08/04 7:15 p.m.•43 views

CVE-2021-38113

In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS.

5.4CVSS5.4AI score0.00172EPSS

CVE•added 2017/06/22 3:29 a.m.•37 views

CVE-2017-9807

An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python cod...

10CVSS9.8AI score0.14043EPSS

CVE•added 2018/12/21 9:29 a.m.•34 views

CVE-2018-20332

An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full path...

7.5CVSS7.5AI score0.005EPSS