H6Web

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-1271 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS H6Web
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-1270 CRITICAL Act Now

Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and modifying the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass H6Web
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-1271
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS H6Web
NVD
CVE-2025-1270
EPSS 0% CVSS 9.1
CRITICAL Act Now

Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and modifying the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass H6Web
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy