VYPR

Spectra

by Allaire Corporation

CVEs (7)

  • CVE-2025-1784MedMar 26, 2025
    risk 0.42cvss 6.4epss 0.00

    The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uagb block in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2024-1814MedMay 23, 2024
    risk 0.35cvss 6.4epss 0.00

    The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2000-0862Nov 14, 2000
    risk 0.00cvss epss 0.01

    Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information.

  • CVE-2000-0334Apr 24, 2000
    risk 0.00cvss epss 0.00

    The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule.

  • CVE-2000-0051Jan 4, 2000
    risk 0.00cvss epss 0.01

    The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL.

  • CVE-2000-0050Jan 4, 2000
    risk 0.00cvss epss 0.00

    The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs.

  • CVE-2000-0120Jan 1, 2000
    risk 0.00cvss epss 0.01

    The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter.