Skip to main content

Opentrade

2 CVEs product

Monthly

CVE-2020-6847 MEDIUM POC This Month

OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opentrade
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2019-19250 CRITICAL Act Now

OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/utils.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Opentrade
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
EPSS 1% CVSS 5.4
MEDIUM POC This Month

OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opentrade
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/utils.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Opentrade
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy