Vulnerabilities > SS Proj
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-15 | CVE-2024-46898 | Path Traversal vulnerability in Ss-Proj Shirasagi SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. | 7.5 |
| 2023-09-15 | CVE-2023-41889 | Improper Encoding or Escaping of Output vulnerability in Ss-Proj Shirasagi SHIRASAGI is a Content Management System. | 5.3 |
| 2023-09-05 | CVE-2023-36492 | Cross-site Scripting vulnerability in Ss-Proj Shirasagi Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | 6.1 |
| 2023-09-05 | CVE-2023-38569 | Cross-site Scripting vulnerability in Ss-Proj Shirasagi Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | 5.4 |
| 2023-09-05 | CVE-2023-39448 | Path Traversal vulnerability in Ss-Proj Shirasagi Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution. | 8.8 |
| 2023-02-24 | CVE-2023-22425 | Cross-site Scripting vulnerability in Ss-Proj Shirasagi Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. | 5.4 |
| 2023-02-24 | CVE-2023-22427 | Cross-site Scripting vulnerability in Ss-Proj Shirasagi Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script. | 4.8 |
| 2022-12-05 | CVE-2022-43479 | Open Redirect vulnerability in Ss-Proj Shirasagi 1.14.4/1.15.0 Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack. | 6.1 |
| 2022-12-05 | CVE-2022-43499 | Cross-site Scripting vulnerability in Ss-Proj Shirasagi Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | 5.4 |
| 2022-06-14 | CVE-2022-29485 | Cross-site Scripting vulnerability in Ss-Proj Shirasagi Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 6.1 |