Lucene search

Chevereto Security Vulnerabilities

cve

CVE-2012-2918

Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter.

5.9AI Score

0.002EPSS

2012-05-21 10:55 PM

cve

CVE-2012-2919

Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter.

6.9AI Score

0.012EPSS

2012-05-21 10:55 PM

cve

CVE-2017-1000058

Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser.

6.1CVSS

6AI Score

0.001EPSS

2017-07-17 01:18 PM

cve

CVE-2018-12030

Chevereto Free before 1.0.13 has XSS.

5.4CVSS

5.5AI Score

0.001EPSS

2018-06-15 04:29 PM

cve

CVE-2021-31721

Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage.

6.1CVSS

6AI Score

0.005EPSS

2021-06-30 11:15 AM