Skip to main content

Fess

2 CVEs product

Monthly

CVE-2025-48382 Maven LOW PATCH Monitor

Fess is a deployable Enterprise Search Server. Rated low severity (CVSS 1.2), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Fess
NVD GitHub
CVSS 4.0
1.2
EPSS
0.1%
CVE-2018-1000822 Maven CRITICAL PATCH Act Now

codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service XXE SSRF Fess
NVD GitHub
CVSS 3.0
10.0
EPSS
1.9%
EPSS 0% CVSS 1.2
LOW PATCH Monitor

Fess is a deployable Enterprise Search Server. Rated low severity (CVSS 1.2), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Fess
NVD GitHub
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service XXE SSRF +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy