CVE-2021-38113
- EPSS 0.17%
- Veröffentlicht 04.08.2021 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:16:25
In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS.
CVE-2018-20332
- EPSS 0.5%
- Veröffentlicht 21.12.2018 09:29:00
- Zuletzt bearbeitet 21.11.2024 04:01:15
An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /...
CVE-2017-9333
- EPSS 0.86%
- Veröffentlicht 18.09.2017 01:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implicati...
- EPSS 14.04%
- Veröffentlicht 22.06.2017 03:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticate...