Vulnerabilities > Xpressengine > Xpressengine > 1.7.3.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-20 | CVE-2021-26642 | Unrestricted Upload of File with Dangerous Type vulnerability in Xpressengine When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. | 9.8 |
| 2022-02-09 | CVE-2021-44911 | Cross-site Scripting vulnerability in Xpressengine XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php. | 3.5 |
| 2022-02-09 | CVE-2021-44912 | Cross-site Scripting vulnerability in Xpressengine In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. | 3.5 |