Skip to main content

Webpagetest

12 CVEs product

Monthly

CVE-2019-17199 HIGH POC This Week

www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Microsoft Webpagetest
NVD GitHub
CVSS 3.1
7.5
EPSS
10.0%
CVE-2019-12161 HIGH This Week

WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SSRF Webpagetest
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2017-6541 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpagetest
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6540 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpagetest
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6539 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpagetest
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6538 MEDIUM POC This Month

A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpagetest
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6537 MEDIUM POC This Month

A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpagetest
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6536 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpagetest
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6535 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpagetest
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6534 MEDIUM POC This Month

A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpagetest
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6533 MEDIUM POC This Month

A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpagetest
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6396 MEDIUM POC PATCH This Month

An issue was discovered in WPO-Foundation WebPageTest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Webpagetest
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
EPSS 10% CVSS 7.5
HIGH POC This Week

www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Microsoft +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SSRF Webpagetest
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpagetest
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpagetest
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpagetest
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpagetest
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpagetest
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpagetest
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpagetest
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpagetest
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpagetest
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

An issue was discovered in WPO-Foundation WebPageTest 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Webpagetest
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy