Planetestream Planet Estream — known CVE vulnerabilities
Every CVE whose affected-product data names Planetestream Planet Estream, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2022-45896 — CVSS 9.8 (critical): Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document…
CVE-2022-45891 — CVSS 9.1 (critical): Planet eStream before 6.72.10.07 allows attackers to call restricted functions, and perform unauthenticated uploads (Upload2.ashx) or…
CVE-2022-45893 — CVSS 8.8 (high): Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by…
CVE-2022-45889 — CVSS 7.2 (high): Planet eStream before 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the…
CVE-2022-45894 — CVSS 6.5 (medium): GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files.
CVE-2022-45895 — CVSS 6.5 (medium): Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx…
CVE-2022-45890 — CVSS 6.1 (medium): In Planet eStream before 6.72.10.07, a Reflected Cross-Site Scripting (XSS) vulnerability exists via any metadata filter field (e.g…
CVE-2022-45892 — CVSS 5.4 (medium): In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist: Disclaimer, Search Function…