6 matches found

CVE
added 2023/02/24 6:15 a.m. | 33 views

CVE-2023-22425

Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.

CVSS 5.4 | AI score 5 | EPSS 0.00319

CVE
added 2023/09/05 10:15 a.m. | 29 views

CVE-2023-36492

Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

CVSS 6.1 | AI score 6.1 | EPSS 0.00675

CVE
added 2023/09/05 10:15 a.m. | 27 views

CVE-2023-38569

Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

CVSS 5.4 | AI score 5.1 | EPSS 0.00327

CVE
added 2023/09/15 9:15 p.m. | 26 views

CVE-2023-41889

SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface a...

CVSS 5.3 | AI score 5.3 | EPSS 0.00154

CVE
added 2023/02/24 6:15 a.m. | 25 views

CVE-2023-22427

Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script.

CVSS 4.8 | AI score 4.9 | EPSS 0.00214

CVE
added 2023/09/05 9:15 a.m. | 24 views

CVE-2023-39448

Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution.

CVSS 8.8 | AI score 8.6 | EPSS 0.04727