Cskefu
by Cskefu
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-2556 | Med | 0.41 | 6.3 | 0.00 | Feb 16, 2026 | A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown processing of the file com/cskefu/cc/controller/resource/MediaController.java of the component Endpoint. The manipulation of the argument url leads to server-side request forgery.… | ||
| CVE-2026-2557 | Low | 0.23 | 3.5 | 0.00 | Feb 16, 2026 | A vulnerability was detected in cskefu up to 8.0.1. Impacted is the function Upload of the file com/cskefu/cc/controller/resource/MediaController.java of the component File Upload. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit… | ||
| CVE-2024-29402 | Med | 0.21 | 4.3 | 0.00 | Apr 16, 2024 | cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old session for malicious activity. | ||
| CVE-2022-36521 | 0.00 | — | 0.01 | Aug 26, 2022 | Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add administrator accounts. |
- risk 0.41cvss 6.3epss 0.00
A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown processing of the file com/cskefu/cc/controller/resource/MediaController.java of the component Endpoint. The manipulation of the argument url leads to server-side request forgery.…
- risk 0.23cvss 3.5epss 0.00
A vulnerability was detected in cskefu up to 8.0.1. Impacted is the function Upload of the file com/cskefu/cc/controller/resource/MediaController.java of the component File Upload. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit…
- risk 0.21cvss 4.3epss 0.00
cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old session for malicious activity.
- CVE-2022-36521Aug 26, 2022risk 0.00cvss —epss 0.01
Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add administrator accounts.