Vendor
Poeditor
Products
1
CVEs
3
Across products
3
Status
Private
Products
1- 3 CVEs
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-32453 | Med | 0.38 | 5.9 | 0.00 | Apr 15, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POEditor allows Stored XSS.This issue affects POEditor: from n/a through 0.9.8. | ||
| CVE-2023-32091 | Med | 0.35 | 5.4 | 0.00 | Oct 3, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions. | ||
| CVE-2025-4280 | Med | 0.31 | — | 0.00 | May 22, 2025 | MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts,… |
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POEditor allows Stored XSS.This issue affects POEditor: from n/a through 0.9.8.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions.
- risk 0.31cvss —epss 0.00
MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts,…