Vulnerabilities > Litespeedtech

DATE CVE VULNERABILITY TITLE RISK
2024-02-09 CVE-2024-25678 Unspecified vulnerability in Litespeedtech Lsquic
In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.
network
low complexity
litespeedtech
critical
9.8
2024-01-11 CVE-2023-4372 Cross-site Scripting vulnerability in Litespeedtech Litespeed Cache
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
litespeedtech CWE-79
5.4
2023-08-14 CVE-2023-40518 Unspecified vulnerability in Litespeedtech Openlitespeed
LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers.
network
low complexity
litespeedtech
7.5
2023-05-25 CVE-2022-46800 Cross-Site Request Forgery (CSRF) vulnerability in Litespeedtech Litespeed Cache
Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <= 5.3 versions.
network
low complexity
litespeedtech CWE-352
8.8
2022-10-27 CVE-2022-0072 Path Traversal vulnerability in Litespeedtech Openlitespeed
Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal.
network
low complexity
litespeedtech CWE-22
5.8
2022-10-27 CVE-2022-0073 Improper Input Validation vulnerability in Litespeedtech Openlitespeed
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection.
network
low complexity
litespeedtech CWE-20
8.8
2022-10-27 CVE-2022-0074 Untrusted Search Path vulnerability in Litespeedtech Openlitespeed
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation.
network
low complexity
litespeedtech CWE-426
8.8
2022-05-11 CVE-2022-30592 NULL Pointer Dereference vulnerability in Litespeedtech Lsquic
liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY.
network
low complexity
litespeedtech CWE-476
7.5
2022-01-03 CVE-2021-24963 Cross-site Scripting vulnerability in Litespeedtech Litespeed Cache
The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting
3.5
2022-01-03 CVE-2021-24964 Cross-site Scripting vulnerability in Litespeedtech Litespeed Cache
The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value.
network
high complexity
litespeedtech CWE-79
2.6