Vendor
Camunda
Products
2
CVEs
2
Across products
2
Status
Private
Products
2- 1 CVE
- 1 CVE
Recent CVEs
2| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-51577 | Med | 0.42 | 6.5 | 0.00 | Nov 10, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in neville.lugton bpmn.io bpmnio allows Stored XSS.This issue affects bpmn.io: from n/a through <= 1.0. | ||
| CVE-2021-28154 | 0.00 | — | 0.01 | Mar 11, 2021 | Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which manipulates the readFile and writeFile APIs. NOTE: the vendor states "The way we secured… |
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in neville.lugton bpmn.io bpmnio allows Stored XSS.This issue affects bpmn.io: from n/a through <= 1.0.
- CVE-2021-28154Mar 11, 2021risk 0.00cvss —epss 0.01
Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which manipulates the readFile and writeFile APIs. NOTE: the vendor states "The way we secured…