Skip to main content

Spina

6 CVEs product

Monthly

CVE-2024-7106 Ruby MEDIUM POC This Month

A vulnerability classified as problematic was found in Spina CMS 2.18.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Spina
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-7065 MEDIUM POC This Month

A vulnerability was found in Spina CMS up to 2.18.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Spina
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-41603 CRITICAL Act Now

Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the URI /admin/layout. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Spina
NVD GitHub
CVSS 3.1
9.6
EPSS
0.2%
CVE-2024-41602 HIGH This Week

Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Spina
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-3445 Ruby MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository spinacms/spina prior to 2.15.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Spina
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2015-4619 Ruby HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Spina
NVD GitHub
CVSS 3.0
8.8
EPSS
0.2%
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability classified as problematic was found in Spina CMS 2.18.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Spina
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in Spina CMS up to 2.18.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Spina
NVD GitHub VulDB
EPSS 0% CVSS 9.6
CRITICAL Act Now

Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the URI /admin/layout. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Spina
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Spina
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository spinacms/spina prior to 2.15.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Spina
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Spina
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy