Bitweaver
by Bitweaver
Source repositories
CVEs (31)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-29030 | 0.00 | — | 0.01 | Mar 24, 2021 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI. | |||
| CVE-2021-29029 | 0.00 | — | 0.01 | Mar 24, 2021 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/edit_personal_page.php URI. | |||
| CVE-2021-29028 | 0.00 | — | 0.01 | Mar 24, 2021 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/user_activity.php URI. | |||
| CVE-2021-29027 | 0.00 | — | 0.01 | Mar 24, 2021 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI. | |||
| CVE-2021-29026 | 0.00 | — | 0.01 | Mar 24, 2021 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/permissions.php URI. | |||
| CVE-2021-29025 | 0.00 | — | 0.01 | Mar 24, 2021 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/my_images.php URI. | |||
| CVE-2010-5086 | 0.00 | — | 0.02 | Mar 19, 2012 | Directory traversal vulnerability in wiki/rankings.php in Bitweaver 2.7 and 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the style parameter. | |||
| CVE-2008-4337 | 0.00 | — | 0.01 | Sep 30, 2008 | Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to (1) edit.php and (2) list.php in articles/; (3) list_blogs.php and (4) rankings.php in blogs/; (5) calendar/index.php; (6)… | |||
| CVE-2007-6412 | 0.00 | — | 0.02 | Dec 17, 2007 | Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action. | |||
| CVE-2007-0526 | 0.00 | — | 0.01 | Jan 26, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php. | |||
| CVE-2005-4379 | 0.00 | — | 0.02 | Dec 20, 2005 | Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to inject arbitrary web script or HTML via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2)… |
- CVE-2021-29030Mar 24, 2021risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI.
- CVE-2021-29029Mar 24, 2021risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/edit_personal_page.php URI.
- CVE-2021-29028Mar 24, 2021risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/user_activity.php URI.
- CVE-2021-29027Mar 24, 2021risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI.
- CVE-2021-29026Mar 24, 2021risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/permissions.php URI.
- CVE-2021-29025Mar 24, 2021risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/my_images.php URI.
- CVE-2010-5086Mar 19, 2012risk 0.00cvss —epss 0.02
Directory traversal vulnerability in wiki/rankings.php in Bitweaver 2.7 and 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the style parameter.
- CVE-2008-4337Sep 30, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to (1) edit.php and (2) list.php in articles/; (3) list_blogs.php and (4) rankings.php in blogs/; (5) calendar/index.php; (6)…
- CVE-2007-6412Dec 17, 2007risk 0.00cvss —epss 0.02
Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action.
- CVE-2007-0526Jan 26, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php.
- CVE-2005-4379Dec 20, 2005risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to inject arbitrary web script or HTML via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2)…
Page 2 of 2