Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
112052.1%HIGH

Related CVEs

12
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2024-46898SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests.HIGH7.559.0%Oct 15, 2024
CVE-2023-41889SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface after the normalization. The fix is initially performing the Unicode normalization and then strip for all whitespaces and then checking for a blank string. This issue has been fixed in version 1.18.0. MEDIUM5.343.4%Sep 15, 2023
CVE-2023-38569Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.MEDIUM5.428.1%Sep 5, 2023
CVE-2023-36492Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.MEDIUM6.132.9%Sep 5, 2023
CVE-2023-39448Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution.HIGH8.860.6%Sep 5, 2023
CVE-2023-22427Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script.MEDIUM4.8Feb 24, 2023
CVE-2023-22425Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.MEDIUM5.4Feb 24, 2023
CVE-2022-43499Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.MEDIUM5.4Dec 5, 2022
CVE-2022-43479Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack.MEDIUM6.1Dec 5, 2022
CVE-2022-29485Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.MEDIUM6.1Jun 14, 2022
CVE-2020-5607Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.MEDIUM6.164.4%Jul 10, 2020
CVE-2019-6009Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.MEDIUM6.176.4%Sep 12, 2019