VYPR
Vendor

Community CMS

Products
1
CVEs
15
Across products
15
Status
Private

Products

1

Recent CVEs

15
  • CVE-2024-0916CriApr 25, 2024
    risk 0.65cvss 10.0epss 0.01

    Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3.

  • CVE-2020-29477Dec 30, 2020
    risk 0.03cvss epss 0.01

    Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name and each time any user will open that, the XSS triggers and the attacker can able to steal the cookie…

  • CVE-2009-4794Apr 22, 2010
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to view.php and the (2) a parameter in an event action to calendar.php, reachable through index.php.

  • CVE-2009-0406Feb 3, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2024-56917Jun 24, 2025
    risk 0.00cvss epss 0.00

    Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner` in maintenance mode.

  • CVE-2023-3037Oct 4, 2023
    risk 0.00cvss epss 0.01

    Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter.

  • CVE-2021-44476Apr 25, 2023
    risk 0.00cvss epss 0.00

    A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files.

  • CVE-2019-11782Dec 22, 2020
    risk 0.00cvss epss 0.01

    Improper access control in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users with access to contact management to modify user accounts, leading to privilege escalation.

  • CVE-2019-11783Dec 22, 2020
    risk 0.00cvss epss 0.01

    Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited.

  • CVE-2018-15645Dec 22, 2020
    risk 0.00cvss epss 0.01

    Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation.

  • CVE-2018-15634Dec 22, 2020
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link.

  • CVE-2020-9468Mar 26, 2020
    risk 0.00cvss epss 0.01

    The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter.

  • CVE-2012-1903Feb 13, 2020
    risk 0.00cvss epss 0.01

    XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter.

  • CVE-2018-14860Jul 3, 2019
    risk 0.00cvss epss 0.02

    Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system.

  • CVE-2005-2111Jul 5, 2005
    risk 0.00cvss epss 0.02

    login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via the file parameter.