VYPR

Alma Blog

by Devklan

CVEs (3)

  • CVE-2024-1144MedMar 19, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper access control vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application's functionalities without the need for credentials.

  • CVE-2024-1146MedMar 19, 2024
    risk 0.38cvss 5.8epss 0.00

    Cross-Site Scripting vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an attacker to store a malicious JavaScript payload within the application by adding the payload to 'Community Description' or 'Community Rules'.

  • CVE-2024-1145MedMar 19, 2024
    risk 0.34cvss 5.3epss 0.00

    User enumeration vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow a remote user to retrieve all valid users registered in the application just by looking at the request response.