Community CMS
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-0916 | | Cri | 0.65 | 10.0 | 0.01 | | Apr 25, 2024 | Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3. |
| CVE-2020-29477 | | | 0.03 | — | 0.01 | | Dec 30, 2020 | Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject an XSS payload in Field Name; each time any user opens it, the XSS triggers and the attacker is able to steal the cookie… |
| CVE-2009-4794 | | | 0.03 | — | 0.01 | | Apr 22, 2010 | Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to view.php and the (2) a parameter in an event action to calendar.php, reachable through index.php. |
| CVE-2009-0406 | | | 0.03 | — | 0.01 | | Feb 3, 2009 | SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2024-56917 | | | 0.00 | — | 0.00 | | Jun 24, 2025 | Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner in maintenance mode. |
| CVE-2023-3037 | | | 0.00 | — | 0.01 | | Oct 4, 2023 | Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter. |
| CVE-2021-44476 | | | 0.00 | — | 0.00 | | Apr 25, 2023 | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files. |
| CVE-2019-11782 | | | 0.00 | — | 0.01 | | Dec 22, 2020 | Improper access control in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier allows remote authenticated users with access to contact management to modify user accounts, leading to privilege escalation. |
| CVE-2019-11783 | | | 0.00 | — | 0.01 | | Dec 22, 2020 | Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier allows remote authenticated users to subscribe to arbitrary mail channels uninvited. |
| CVE-2018-15645 | | | 0.00 | — | 0.01 | | Dec 22, 2020 | Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation. |
| CVE-2018-15634 | | | 0.00 | — | 0.01 | | Dec 22, 2020 | Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link. |
| CVE-2020-9468 | | | 0.00 | — | 0.01 | | Mar 26, 2020 | The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter. |
| CVE-2012-1903 | | | 0.00 | — | 0.01 | | Feb 13, 2020 | XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter. |
| CVE-2018-14860 | | | 0.00 | — | 0.02 | | Jul 3, 2019 | Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system. |
| CVE-2005-2111 | | | 0.00 | — | 0.02 | | Jul 5, 2005 | login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via the file parameter. |