12 matches found

added 2019/09/12 5:15 p.m., 112 views

CVE-2019-6009

Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS 6.1 | AI score 6.2 | EPSS 0.00318

added 2022/06/14 9:15 a.m., 45 views

CVE-2022-29485

Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.

CVSS 6.1 | AI score 6 | EPSS 0.00381

added 2020/07/10 2:15 a.m., 43 views

CVE-2020-5607

Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS 6.1 | AI score 6.2 | EPSS 0.00591

added 2024/10/15 7:15 a.m., 40 views

CVE-2024-46898

SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests.

CVSS 8.6 | AI score 6.9 | EPSS 0.00506

added 2022/12/05 4:15 a.m., 39 views

CVE-2022-43499

Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.

CVSS 5.4 | AI score 5.1 | EPSS 0.00288

added 2022/12/05 4:15 a.m., 33 views

CVE-2022-43479

Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack.

CVSS 6.1 | AI score 6.2 | EPSS 0.00449

added 2023/02/24 6:15 a.m., 33 views

CVE-2023-22425

Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.

CVSS 5.4 | AI score 5 | EPSS 0.00319

added 2023/09/05 10:15 a.m., 29 views

CVE-2023-36492

Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

CVSS 6.1 | AI score 6.1 | EPSS 0.00675

added 2023/09/05 10:15 a.m., 27 views

CVE-2023-38569

Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

CVSS 5.4 | AI score 5.1 | EPSS 0.00327

added 2023/02/24 6:15 a.m., 25 views

CVE-2023-22427

Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script.

CVSS 4.8 | AI score 4.9 | EPSS 0.00214

added 2023/09/15 9:15 p.m., 25 views

CVE-2023-41889

SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface a...

CVSS 5.3 | AI score 5.3 | EPSS 0.00154

added 2023/09/05 9:15 a.m., 23 views

CVE-2023-39448

Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution.

CVSS 8.8 | AI score 8.6 | EPSS 0.04727