CVE-2024-37879
- EPSS 0.13%
- Published 20.09.2024 17:15:14
- Last modified 01.11.2024 21:35:02
Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo".
CVE-2020-17363
- EPSS 6.7%
- Published 31.12.2020 02:15:12
- Last modified 21.11.2024 05:07:57
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-2...
CVE-2020-25069
- EPSS 0.58%
- Published 01.09.2020 21:15:12
- Last modified 21.11.2024 05:17:11
USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view.
CVE-2020-25070
- EPSS 0.21%
- Published 01.09.2020 21:15:12
- Last modified 21.11.2024 05:17:12
USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature.
CVE-2018-0695
- EPSS 0.26%
- Published 15.11.2018 15:29:01
- Last modified 21.11.2024 03:38:45
Cross-site scripting vulnerability in User-friendly SVN (USVN) Version 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.