Vulnerabilities > Armanidrisi
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-21 | CVE-2023-6142 | Cross-site Scripting vulnerability in Armanidrisi DEV Blog 1.0 Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. | 5.4 |
| 2023-11-21 | CVE-2023-6144 | Authorization Bypass Through User-Controlled Key vulnerability in Armanidrisi DEV Blog 1.0 Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. | 4.8 |