) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:montala:resourcespace:4.1.2567
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-31260 |
In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value. Published: July 17, 2022; 4:15:08 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2021-41951 |
ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim's browser. Published: November 15, 2021; 11:15:10 AM -0500 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-6915 |
SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php. Published: September 11, 2015; 12:59:21 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2015-3648 |
Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter. Published: June 09, 2015; 10:59:04 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2011-4311 |
ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors. Published: November 18, 2011; 10:58:55 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |