Chevereto

CVEs (3)

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-1000058	Med	0.40	6.1	0.00	Jul 17, 2017	Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser.
CVE-2012-2919		0.03	—	0.05	May 21, 2012	Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter.
CVE-2012-2918		0.03	—	0.03	May 21, 2012	Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter.

CVE-2017-1000058MedJul 17, 2017
risk 0.40cvss 6.1epss 0.00
Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser.
CVE-2012-2919May 21, 2012
risk 0.03cvss —epss 0.05
Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter.
CVE-2012-2918May 21, 2012
risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter.