VYPR

Statusnet

by Status

CVEs (4)

  • CVE-2010-4659MedNov 20, 2019
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents.

  • CVE-2010-4658MedFeb 7, 2020
    risk 0.35cvss 5.3epss 0.01

    statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks.

  • CVE-2013-4137Oct 11, 2013
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and "a particular tag format."

  • CVE-2011-3802Sep 24, 2011
    risk 0.00cvss epss 0.01

    StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files.