Filtered by vendor Webedition
Subscriptions
Filtered by product Webedition Cms
Subscriptions
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-53884 | 1 Webedition | 1 Webedition Cms | 2025-12-16 | N/A |
| Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is viewed by other users. | ||||
| CVE-2024-28417 | 1 Webedition | 1 Webedition Cms | 2025-04-30 | 6.3 Medium |
| Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php. | ||||
| CVE-2024-28418 | 1 Webedition | 1 Webedition Cms | 2025-04-30 | 6.5 Medium |
| Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php | ||||
| CVE-2014-5258 | 1 Webedition | 1 Webedition Cms | 2025-04-12 | N/A |
| Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. | ||||
| CVE-2014-2303 | 1 Webedition | 1 Webedition Cms | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter. | ||||
| CVE-2014-2302 | 1 Webedition | 1 Webedition Cms | 2024-11-21 | N/A |
| The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org. | ||||
Page 1 of 1.