Openpne Security Vulnerabilities and Issues — Openpne CVE List

Lucene search

TejimayaOpenpne

4 matches found

CVE•added 2010/03/23 6:30 p.m.•47 views

CVE-2010-1040

The "IP address range limitation" function in OpenPNE 1.6 through 1.8, 2.0 through 2.8, 2.10 through 2.14, and 3.0 through 3.4, when mobile device support is enabled, allows remote attackers to bypass the "simple login" functionality via unknown vectors related to spoofing.

5.8CVSS6.8AI score0.00241EPSS

CVE•added 2013/06/17 3:29 a.m.•32 views

CVE-2013-2309

Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the "mobile version color scheme."

4.3CVSS5.8AI score0.00296EPSS

CVE•added 2014/01/24 3:8 p.m.•32 views

CVE-2013-5350

The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injectio...

7.5CVSS7.6AI score0.00675EPSS

Web

CVE•added 2020/01/24 3:15 p.m.•25 views

CVE-2013-4333

OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability

9.1CVSS9.2AI score0.02158EPSS