WeBankPartners/wecube-platform

WeBankPartners/wecube-platform

Releases45

Frequency1 month 2 weeks

Last Release 8 months ago

Stars381

WeCube Platform

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-37785 ↗	Jan 1, 2023Sunday, 1 January 2023, 08:15	7.5 HIGH	—
An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins.
CVE-2022-37786 ↗	Jan 1, 2023Sunday, 1 January 2023, 08:15	6.3 MEDIUM	—
An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home / Admin / Resources] page, the [Home / Admin / System Params] page, and the [Home / Design / Basekey Configuration] page.
CVE-2022-37787 ↗	Jan 1, 2023Sunday, 1 January 2023, 08:15	6.1 MEDIUM	—
An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page.
CVE-2022-28945 ↗	Jun 2, 2022Thursday, 2 June 2022, 14:15	9.8 CRITICAL	7.5 HIGH
An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file.
CVE-2021-45746 ↗	Feb 24, 2022Thursday, 24 February 2022, 15:15	7.5 HIGH	5 MEDIUM
A Directory Traversal vulnerability exists in WeBankPartners wecube-platform 3.2.1 via the file variable in PluginPackageController.java.