VYPR

Exment

by Exment

Source repositories

CVEs (4)

  • CVE-2024-47793MedOct 18, 2024
    risk 0.35cvss 5.4epss 0.00

    Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user.

  • CVE-2020-5620MedAug 25, 2020
    risk 0.28cvss 5.4epss 0.01

    Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file.

  • CVE-2020-5619MedAug 25, 2020
    risk 0.28cvss 5.4epss 0.01

    Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors.

  • CVE-2024-46897LowOct 18, 2024
    risk 0.25cvss 3.8epss 0.00

    Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table.