Vulnerabilities > Opendocman > Opendocman > 1.2.7.1

DATE CVE VULNERABILITY TITLE RISK
2015-09-07 CVE-2015-5625 Cross-site Scripting vulnerability in Opendocman
Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.
network
opendocman CWE-79
4.3
4.3
2014-07-10 CVE-2014-4853 Cross-Site Scripting vulnerability in Opendocman
Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file.
network
opendocman CWE-79
4.3
4.3
2014-03-09 CVE-2014-2317 SQL Injection vulnerability in Opendocman
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter.
network
opendocman CWE-89
6.8
6.8
2014-03-09 CVE-2014-1945 SQL Injection vulnerability in Opendocman
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.
network
low complexity
opendocman CWE-89
7.5
7.5