Statusnet
by Status
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-4659 | Med | 0.40 | 6.1 | 0.01 | Nov 20, 2019 | Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents. | ||
| CVE-2010-4658 | Med | 0.35 | 5.3 | 0.01 | Feb 7, 2020 | statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks. | ||
| CVE-2013-4137 | 0.00 | — | 0.01 | Oct 11, 2013 | Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and "a particular tag format." | |||
| CVE-2011-3802 | 0.00 | — | 0.01 | Sep 24, 2011 | StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files. |
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents.
- risk 0.35cvss 5.3epss 0.01
statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks.
- CVE-2013-4137Oct 11, 2013risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and "a particular tag format."
- CVE-2011-3802Sep 24, 2011risk 0.00cvss —epss 0.01
StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files.