Skip to main content

Bedita

3 CVEs product

Monthly

CVE-2019-15570 PHP CRITICAL PATCH Act Now

BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Bedita
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2015-6809 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Bedita
NVD GitHub Exploit-DB
CVSS 2.0
4.3
EPSS
3.5%
CVE-2015-1040 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Bedita
NVD GitHub
CVSS 2.0
3.5
EPSS
0.4%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Bedita
NVD GitHub
EPSS 4% CVSS 4.3
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Bedita
NVD GitHub Exploit-DB
EPSS 0% CVSS 3.5
LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Bedita
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy