Vulnerabilities > Openrefine > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-24 CVE-2024-49760 Path Traversal vulnerability in Openrefine
OpenRefine is a free, open source tool for working with messy data.
network
low complexity
openrefine CWE-22
5.3
5.3
2024-10-24 CVE-2024-47878 Cross-site Scripting vulnerability in Openrefine
OpenRefine is a free, open source tool for working with messy data.
network
low complexity
openrefine CWE-79
6.1
6.1
2024-10-24 CVE-2024-47880 Cross-site Scripting vulnerability in Openrefine
OpenRefine is a free, open source tool for working with messy data.
network
high complexity
openrefine CWE-79
6.9
6.9
2024-10-24 CVE-2024-47882 Cross-site Scripting vulnerability in Openrefine
OpenRefine is a free, open source tool for working with messy data.
network
low complexity
openrefine CWE-79
6.1
6.1
2023-08-04 CVE-2022-41401 Server-Side Request Forgery (SSRF) vulnerability in Openrefine
OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.
network
low complexity
openrefine CWE-918
6.5
6.5
2019-01-03 CVE-2019-3580 Path Traversal vulnerability in Openrefine
OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file.
network
low complexity
openrefine CWE-22
5.0
5.0
2018-12-15 CVE-2018-20157 XXE vulnerability in Openrefine
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
network
low complexity
openrefine CWE-611
5.0
5.0
2018-12-05 CVE-2018-19859 Path Traversal vulnerability in Openrefine
OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive.
network
low complexity
openrefine CWE-22
4.0
4.0