Vendor
Enhavo
Products
1
CVEs
2
Across products
2
Status
Private
Products
1- 2 CVEs
Recent CVEs
2| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-25873 | 0.00 | — | 0.00 | Feb 22, 2024 | Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload. | |||
| CVE-2018-8832 | 0.00 | — | 0.00 | Mar 20, 2018 | enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page. |
- CVE-2024-25873Feb 22, 2024risk 0.00cvss —epss 0.00
Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload.
- CVE-2018-8832Mar 20, 2018risk 0.00cvss —epss 0.00
enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page.