dd3x3r/enhavo

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-25876 ↗	Feb 22, 2024Thursday, 22 February 2024, 14:15	6.1 MEDIUM	—
A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.
CVE-2024-25873 ↗	Feb 22, 2024Thursday, 22 February 2024, 14:15	5.4 MEDIUM	—
Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload.
CVE-2024-25874 ↗	Feb 22, 2024Thursday, 22 February 2024, 14:15	5.4 MEDIUM	—
A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field.
CVE-2024-25875 ↗	Feb 22, 2024Thursday, 22 February 2024, 14:15	6.1 MEDIUM	—
A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field.