Vulnerabilities > Openwebif Project > Openwebif > 1.2.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-04 | CVE-2021-38113 | Cross-site Scripting vulnerability in Openwebif Project Openwebif In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS. | 3.5 |
2017-09-18 | CVE-2017-9333 | Improper Input Validation vulnerability in Openwebif Project Openwebif 1.2.5 OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. | 6.8 |