Vulnerabilities > Litespeedtech > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-24 | CVE-2024-3246 | Cross-Site Request Forgery (CSRF) vulnerability in Litespeedtech Litespeed Cache The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. | 5.4 |
| 2024-01-11 | CVE-2023-4372 | Cross-site Scripting vulnerability in Litespeedtech Litespeed Cache The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2022-10-27 | CVE-2022-0072 | Path Traversal vulnerability in Litespeedtech Openlitespeed Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. | 5.8 |
| 2020-12-26 | CVE-2020-29172 | Cross-site Scripting vulnerability in Litespeedtech Litespeed Cache A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting. | 4.3 |
| 2018-12-03 | CVE-2018-19792 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Litespeedtech Openlitespeed The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving ../ characters), which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function. | 4.6 |
| 2018-12-03 | CVE-2018-19791 | Improper Input Validation vulnerability in Litespeedtech Openlitespeed The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring. | 4.0 |
| 2017-09-20 | CVE-2015-3890 | Use After Free vulnerability in Litespeedtech Openlitespeed Use-after-free vulnerability in Open Litespeed before 1.3.10. | 5.0 |
| 2010-06-18 | CVE-2010-2333 | Information Exposure vulnerability in Litespeedtech Litespeed web Server LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension. | 5.0 |