Skip to main content

Opennebula

7 CVEs product

Monthly

CVE-2025-56537 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the virtual network template parameter.

XSS Opennebula
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-56536 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter.

XSS Opennebula
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-56535 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter.

XSS Opennebula
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-56534 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

XSS Opennebula
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2022-37426 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Opennebula
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-37425 CRITICAL Act Now

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Opennebula
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-37424 MEDIUM This Month

Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Opennebula
NVD
CVSS 3.1
6.5
EPSS
0.7%
EPSS 0% CVSS 6.1
MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the virtual network template parameter.

XSS Opennebula
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter.

XSS Opennebula
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter.

XSS Opennebula
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

XSS Opennebula
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Opennebula
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Opennebula
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Opennebula
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy