Skip to main content

Cmdbuild

2 CVEs product

Monthly

CVE-2021-47925 MEDIUM POC This Month

CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Cmdbuild
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2022-25518 MEDIUM This Month

In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cmdbuild
NVD
CVSS 3.1
6.5
EPSS
0.7%
EPSS 0% CVSS 5.1
MEDIUM POC This Month

CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Cmdbuild
NVD Exploit-DB
EPSS 1% CVSS 6.5
MEDIUM This Month

In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cmdbuild
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy