CVE-2015-9549
- EPSS 1.27%
- Veröffentlicht 03.08.2020 16:15:11
- Zuletzt bearbeitet 21.11.2024 02:40:54
A reflected Cross-site Scripting (XSS) vulnerability exists in OcPortal 9.0.20 via the OCF_EMOTICON_CELL.tpl FIELD_NAME field to data/emoticons.php.
CVE-2015-2677
- EPSS 1.52%
- Veröffentlicht 23.03.2015 16:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before 9.0.17 allow remote authenticated users to inject arbitrary web script or HTML via the (1) title or (2) text field in the cms_calendar page to cms/index.php; unspecified fields in...
CVE-2012-5234
- EPSS 1.05%
- Veröffentlicht 01.10.2012 23:55:01
- Zuletzt bearbeitet 16.06.2026 23:46:29
Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter.
CVE-2012-1470
- EPSS 1.68%
- Veröffentlicht 01.10.2012 23:55:00
- Zuletzt bearbeitet 16.06.2026 23:39:35
Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters.
- EPSS 2.01%
- Veröffentlicht 01.10.2012 23:55:00
- Zuletzt bearbeitet 16.06.2026 23:39:35
Directory traversal vulnerability in catalogue_file.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2004-1592
- EPSS 3.05%
- Veröffentlicht 31.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:08:00
PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server that contains a malicious funcs.php...