CVE-2015-9549
- EPSS 0.4%
- Veröffentlicht 03.08.2020 16:15:11
- Zuletzt bearbeitet 21.11.2024 02:40:54
A reflected Cross-site Scripting (XSS) vulnerability exists in OcPortal 9.0.20 via the OCF_EMOTICON_CELL.tpl FIELD_NAME field to data/emoticons.php.
CVE-2015-2677
- EPSS 0.21%
- Veröffentlicht 23.03.2015 16:59:04
- Zuletzt bearbeitet 12.04.2025 10:46:40
Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before 9.0.17 allow remote authenticated users to inject arbitrary web script or HTML via the (1) title or (2) text field in the cms_calendar page to cms/index.php; unspecified fields in...
CVE-2012-5234
- EPSS 0.21%
- Veröffentlicht 01.10.2012 23:55:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter.
CVE-2012-1470
- EPSS 2.93%
- Veröffentlicht 01.10.2012 23:55:00
- Zuletzt bearbeitet 11.04.2025 00:51:21
Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters.
- EPSS 0.3%
- Veröffentlicht 01.10.2012 23:55:00
- Zuletzt bearbeitet 11.04.2025 00:51:21
Directory traversal vulnerability in catalogue_file.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2004-1592
- EPSS 4.85%
- Veröffentlicht 31.12.2004 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server that contains a malicious funcs.php...