8 matches found
CVE-2007-0407
CVE-2007-0407 describes a cross-site scripting (XSS) vulnerability in Plain Black WebGUI, specifically in Operation/User.pm for versions before 7.3.5 (beta). The issue arises from accepting a username during anonymous registration, allowing an attacker to inject arbitrary web script or HTML. The ...
CVE-2007-0308
Plain Black WebGUI is affected by CVE-2007-0308: an XSS in Wiki Page titles allows remote injection of script/HTML. Affected product/version: Plain Black WebGUI before 7.3.4 (beta). Root cause: improper handling of Wiki Page titles leads to script injection. Impact per sources: client-side script...
CVE-2007-6487
Affected product: Plain Black WebGUI 7.4.0–7.4.17. Vulnerability arises in the admin account creation logic that allows remote authenticated users with Secondary Admin privileges to create Admin accounts (privilege escalation). No exploitation details are provided in the documents. Remediation: u...
CVE-2007-0629
CVE-2007-0629 affects Plain Black WebGUI prior to version 7.3.8, where the www_purgeList method fails to properly enforce user permissions, enabling an attacker to delete assets they should not be able to access. The vulnerability is documented in multiple sources (NVD/NVD-derived entries) and is...
CVE-2006-0680
CVE-2006-0680 affects WebGUI prior to version 6.8.6-gamma, allowing remote attackers to create an account via a specific URL when anonymous registration is disabled. The provided documents confirm the affected software and the vulnerability condition; no explicit fix/version is stated within the ...
CVE-2006-0165
CVE-2006-0165 affects Plain Black WebGUI (DataForm Entries) prior to version 6.8.4 (gamma). The vulnerability arises in the default email form’s url and name fields, enabling remote attackers to inject arbitrary JavaScript (XSS). The provided sources confirm the affected product and vulnerable co...
CVE-2008-2077
The CVE-2008-2077 entry concerns Plain Black WebGUI prior to version 7.4.35, where data form list view handling is implicated. Connected sources indicate a vulnerability labeled as WebGUI
CVE-2007-2746
The CVE-2007-2746 entry concerns Plain Black WebGUI: the viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm for versions before 7.3.14 improperly uses data structures containing privilege information, enabling remote authenticated users to obtain sensitive data or potentially cause other u...