Vulnerabilities > Xpressengine

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-07 | CVE-2011-10003 | Unspecified vulnerability in Xpressengine. A vulnerability was found in XpressEngine up to 1.4.4. | critical 9.8; network, low complexity; xpressengine |
| 2023-01-20 | CVE-2021-26642 | Unrestricted Upload of File with Dangerous Type vulnerability in Xpressengine. When uploading an image file to a bulletin board developed with XpressEngine, an arbitrary file can be uploaded due to insufficient verification of the file. | critical 9.8; network, low complexity; xpressengine; CWE-434 |
| 2022-02-09 | CVE-2021-44911 | Cross-site Scripting vulnerability in Xpressengine. XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php. | 5.4; network, low complexity; xpressengine; CWE-79 |
| 2022-02-09 | CVE-2021-44912 | Cross-site Scripting vulnerability in Xpressengine. In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. | 5.4; network, low complexity; xpressengine; CWE-79 |