Paperthin Commonspot Content Server — known CVE vulnerabilities
Every CVE whose affected-product data names Paperthin Commonspot Content Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2014-2864 — CVSS 10.0 (critical): Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an…
CVE-2014-2863 — CVSS 10.0 (critical): Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have…
CVE-2014-2867 — CVSS 10.0 (critical): Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute…
CVE-2014-2874 — CVSS 10.0 (critical): PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an…
CVE-2014-2866 — CVSS 10.0 (critical): PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote…
CVE-2014-2865 — CVSS 7.5 (high): PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a '\0' character…
CVE-2014-2859 — CVSS 7.5 (high): PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a direct request.
CVE-2014-2868 — CVSS 7.5 (high): PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using…
CVE-2014-2862 — CVSS 6.5 (medium): PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check authorization in unspecified situations, which allows remote…
CVE-2014-2869 — CVSS 5.0 (medium): PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified…
CVE-2014-2870 — CVSS 5.0 (medium): The default configuration of PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 uses cleartext for storage of credentials in a…
CVE-2014-2871 — CVSS 5.0 (medium): PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows…
CVE-2014-2872 — CVSS 5.0 (medium): PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain potentially sensitive information from a directory…
CVE-2014-2873 — CVSS 5.0 (medium): PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote…
CVE-2005-4575 — CVSS 5.0 (medium): PaperThin CommonSpot Content Server 4.5 and earlier allow remote attackers to obtain sensitive information via an invalid errmsg parameter…
CVE-2014-2860 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to…
CVE-2010-0468 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in PaperThin CommonSpot Content Server allows remote attackers to inject…
CVE-2005-4574 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin CommonSpot Content Server 4.5 and earlier allows remote attackers to…
CVE-2014-2861 — CVSS 4.3 (medium): Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to conduct cross-site…