Eugeny/ajenti

Eugeny/ajenti

Releases0

Stars208

DEPRECATED: Repo moved to https://github.com/ajenti/ajenti (into the `1.x` branch)

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2014-4301 ↗	Jun 18, 2014Wednesday, 18 June 2014, 14:55	—	4.3 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page.
CVE-2014-2260 ↗	Apr 30, 2014Wednesday, 30 April 2014, 23:58	—	3.5 LOW
Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality.