Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package erxes, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2024-57190 — CVSS 9.8 (critical): Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that…
CVE-2021-32853 — CVSS 6.1 (medium): Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This…
CVE-2024-57186 — CVSS 5.4 (medium): In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the…
CVE-2024-57189 — CVSS 5.4 (medium): In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the…