VYPR

Bitweaver

by Bitweaver

Source repositories

CVEs (31)

  • CVE-2021-29030Mar 24, 2021
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI.

  • CVE-2021-29029Mar 24, 2021
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/edit_personal_page.php URI.

  • CVE-2021-29028Mar 24, 2021
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/user_activity.php URI.

  • CVE-2021-29027Mar 24, 2021
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI.

  • CVE-2021-29026Mar 24, 2021
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/permissions.php URI.

  • CVE-2021-29025Mar 24, 2021
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/my_images.php URI.

  • CVE-2010-5086Mar 19, 2012
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in wiki/rankings.php in Bitweaver 2.7 and 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the style parameter.

  • CVE-2008-4337Sep 30, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to (1) edit.php and (2) list.php in articles/; (3) list_blogs.php and (4) rankings.php in blogs/; (5) calendar/index.php; (6)…

  • CVE-2007-6412Dec 17, 2007
    risk 0.00cvss epss 0.02

    Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action.

  • CVE-2007-0526Jan 26, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php.

  • CVE-2005-4379Dec 20, 2005
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to inject arbitrary web script or HTML via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2)…

Page 2 of 2