Leap
by Gowondesigns
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-1615 | | | 0.03 | — | 0.03 | | May 11, 2009 | Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request. |
| CVE-2009-1614 | | | 0.03 | — | 0.01 | | May 11, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these… |
| CVE-2009-1613 | | | 0.03 | — | 0.01 | | May 11, 2009 | Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchterm or (2) email parameter. |
| CVE-2024-30115 | | | 0.00 | — | 0.00 | | Apr 30, 2025 | Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. |
| CVE-2023-45721 | | | 0.00 | — | 0.00 | | Apr 30, 2025 | Insufficient default configuration in HCL Leap allows anonymous access to directory information. |
| CVE-2023-37517 | | | 0.00 | — | 0.00 | | Apr 30, 2025 | Missing "no cache" headers in HCL Leap permits sensitive data to be cached. |
| CVE-2022-44759 | | | 0.00 | — | 0.00 | | Apr 24, 2025 | Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications. |
| CVE-2022-44760 | | | 0.00 | — | 0.00 | | Apr 24, 2025 | Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications. |
| CVE-2023-37516 | | | 0.00 | — | 0.00 | | Apr 24, 2025 | Missing "no cache" headers in HCL Leap permits user directory information to be cached. |
| CVE-2024-30127 | | | 0.00 | — | 0.00 | | Apr 24, 2025 | Missing "no cache" headers in HCL Leap permits sensitive data to be cached. |
| CVE-2023-37534 | | | 0.00 | — | 0.00 | | Apr 24, 2025 | Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. |
| CVE-2023-45720 | | | 0.00 | — | 0.00 | | Apr 24, 2025 | Insufficient default configuration in HCL Leap allows anonymous access to directory information. |
| CVE-2024-30113 | | | 0.00 | — | 0.00 | | Apr 24, 2025 | Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. |
| CVE-2024-30114 | | | 0.00 | — | 0.00 | | Apr 24, 2025 | Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment. |
| CVE-2024-30147 | | | 0.00 | — | 0.00 | | Apr 24, 2025 | Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications. |
| CVE-2024-30148 | | | 0.00 | — | 0.00 | | Apr 24, 2025 | Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem. |