Every CVE whose affected-product data names Ss-proj Shirasagi, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2023-39448 — CVSS 8.8 (high): Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the…
CVE-2024-46898 — CVSS 7.5 (high): SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability…
CVE-2022-29485 — CVSS 6.1 (medium): Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via…
CVE-2022-43479 — CVSS 6.1 (medium): Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web…
CVE-2019-6009 — CVSS 6.1 (medium): Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct…
CVE-2020-5607 — CVSS 6.1 (medium): Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct…
CVE-2023-36492 — CVSS 6.1 (medium): Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary…
CVE-2022-43499 — CVSS 5.4 (medium): Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an…
CVE-2023-38569 — CVSS 5.4 (medium): Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary…
CVE-2023-22425 — CVSS 5.4 (medium): Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated…
CVE-2023-41889 — CVSS 5.3 (medium): SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This…
CVE-2023-22427 — CVSS 4.8 (medium): Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker…