Vulnerabilities > Openwebif Project > Openwebif
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-04 | CVE-2021-38113 | Cross-site Scripting vulnerability in Openwebif Project Openwebif In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS. | 3.5 |
| 2018-12-21 | CVE-2018-20332 | Path Traversal vulnerability in Openwebif Project Openwebif An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. | 5.0 |
| 2017-09-18 | CVE-2017-9333 | Improper Input Validation vulnerability in Openwebif Project Openwebif 1.2.5 OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. | 6.8 |
| 2017-06-22 | CVE-2017-9807 | Code Injection vulnerability in Openwebif Project Openwebif An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. | 10.0 |