Vulnerabilities > Chevereto
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-30 | CVE-2021-31721 | Cross-site Scripting vulnerability in Chevereto Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage. | 4.3 |
2018-06-15 | CVE-2018-12030 | Cross-site Scripting vulnerability in Chevereto Chevereto Free before 1.0.13 has XSS. | 3.5 |
2017-07-17 | CVE-2017-1000058 | Cross-site Scripting vulnerability in Chevereto Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser. | 4.3 |
2012-05-21 | CVE-2012-2919 | Path Traversal vulnerability in Chevereto 1.91 Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. | 5.0 |
2012-05-21 | CVE-2012-2918 | Cross-Site Scripting vulnerability in Chevereto 1.91 Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter. | 4.3 |