Spectra
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-1784 | Med | 0.42 | 6.4 | 0.00 | Mar 26, 2025 | The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uagb block in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | ||
| CVE-2024-1814 | Med | 0.35 | 6.4 | 0.00 | May 23, 2024 | The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes.… | ||
| CVE-2000-0862 | 0.00 | — | 0.01 | Nov 14, 2000 | Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information. | |||
| CVE-2000-0334 | 0.00 | — | 0.00 | Apr 24, 2000 | The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule. | |||
| CVE-2000-0051 | 0.00 | — | 0.01 | Jan 4, 2000 | The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL. | |||
| CVE-2000-0050 | 0.00 | — | 0.00 | Jan 4, 2000 | The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs. | |||
| CVE-2000-0120 | 0.00 | — | 0.01 | Jan 1, 2000 | The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter. |
- risk 0.42cvss 6.4epss 0.00
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uagb block in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- risk 0.35cvss 6.4epss 0.00
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes.…
- CVE-2000-0862Nov 14, 2000risk 0.00cvss —epss 0.01
Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information.
- CVE-2000-0334Apr 24, 2000risk 0.00cvss —epss 0.00
The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule.
- CVE-2000-0051Jan 4, 2000risk 0.00cvss —epss 0.01
The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL.
- CVE-2000-0050Jan 4, 2000risk 0.00cvss —epss 0.00
The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs.
- CVE-2000-0120Jan 1, 2000risk 0.00cvss —epss 0.01
The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter.