Every CVE whose affected-product data names Montala Resourcespace, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2021-41765 — CVSS 9.8 (critical): A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated…
CVE-2021-41950 — CVSS 9.1 (critical): A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on…
CVE-2019-25662 — CVSS 8.2 (high): ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by…
CVE-2015-3648 — CVSS 7.5 (high): Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include…
CVE-2015-6915 — CVSS 7.5 (high): SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands…
CVE-2019-25693 — CVSS 7.1 (high): ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting…
CVE-2022-31260 — CVSS 6.5 (medium): In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a…
CVE-2021-41951 — CVSS 6.1 (medium): ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php…
CVE-2011-4311 — CVSS 5.0 (medium): ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource…