VYPR

Emoncms

by Openenergymonitor

Source repositories

CVEs (4)

  • CVE-2017-5964MedFeb 12, 2017
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "emoncms-master/Modules/vis/visualisations/compare.php" URL. An attacker could execute arbitrary HTML and…

  • CVE-2019-1010008MedJul 15, 2019
    risk 0.35cvss 5.4epss 0.01

    OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed mal. code). The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting…

  • CVE-2025-60938Oct 24, 2025
    risk 0.00cvss epss 0.01

    Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that allows authenticated users to execute arbitrary commands on the target system. The vulnerability stems from insufficient input validation of user-controlled parameters including…

  • CVE-2025-60936Oct 24, 2025
    risk 0.00cvss epss 0.00

    Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs.

VYPR — Vulnerability Intelligence