VYPR
Vendor: Gowondesigns

Products: 1
CVEs: 16
Across products: 16
Status: Private

Recent CVEs (16)
  • CVE-2009-1615 (May 11, 2009)
    risk 0.03 | cvss | epss 0.03

    Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request.

  • CVE-2009-1614 (May 11, 2009)
    risk 0.03 | cvss | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these…

  • CVE-2009-1613 (May 11, 2009)
    risk 0.03 | cvss | epss 0.01

    Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchterm or (2) email parameter.

  • CVE-2024-30115 (Apr 30, 2025)
    risk 0.00 | cvss | epss 0.00

    Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.

  • CVE-2023-45721 (Apr 30, 2025)
    risk 0.00 | cvss | epss 0.00

    Insufficient default configuration in HCL Leap allows anonymous access to directory information.

  • CVE-2023-37517 (Apr 30, 2025)
    risk 0.00 | cvss | epss 0.00

    Missing "no cache" headers in HCL Leap permits sensitive data to be cached.

  • CVE-2022-44759 (Apr 24, 2025)
    risk 0.00 | cvss | epss 0.00

    Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications.

  • CVE-2022-44760 (Apr 24, 2025)
    risk 0.00 | cvss | epss 0.00

    Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications.

  • CVE-2023-37516 (Apr 24, 2025)
    risk 0.00 | cvss | epss 0.00

    Missing "no cache" headers in HCL Leap permits user directory information to be cached.

  • CVE-2024-30127 (Apr 24, 2025)
    risk 0.00 | cvss | epss 0.00

    Missing "no cache" headers in HCL Leap permits sensitive data to be cached.

  • CVE-2023-37534 (Apr 24, 2025)
    risk 0.00 | cvss | epss 0.00

    Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters.

  • CVE-2023-45720 (Apr 24, 2025)
    risk 0.00 | cvss | epss 0.00

    Insufficient default configuration in HCL Leap allows anonymous access to directory information.

  • CVE-2024-30113 (Apr 24, 2025)
    risk 0.00 | cvss | epss 0.00

    Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.

  • CVE-2024-30114 (Apr 24, 2025)
    risk 0.00 | cvss | epss 0.00

    Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment.

  • CVE-2024-30147 (Apr 24, 2025)
    risk 0.00 | cvss | epss 0.00

    Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications.

  • CVE-2024-30148 (Apr 24, 2025)
    risk 0.00 | cvss | epss 0.00

    Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem.