Montala ResourceSpace 6.3

CPE Details

Montala ResourceSpace 6.3
montala
resourcespace
6.3
2021-11-17
14h08 +00:00
2021-11-17
14h11 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:montala:resourcespace:6.3:*:*:*:*:*:*:*

Informations

Vendor

montala

Product

resourcespace

Version

6.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-31260 2022-07-17 17h57 +00:00 In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value.
6.5
Medium
CVE-2021-41951 2021-11-15 14h27 +00:00 ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim's browser.
6.1
Medium
CVE-2015-6915 2015-09-11 16h00 +00:00 SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php.
7.5
CVE-2015-3648 2015-06-09 12h00 +00:00 Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter.
7.5