Known Vulnerabilities for products from Osclass
Listed below are 10 of the newest known vulnerabilities associated with the vendor "Osclass".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2018-14481 | Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280. | 6.1 - MEDIUM | 2019-01-03 | 2019-01-14 |
| CVE-2016-10751 | osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP co... | 7.2 - HIGH | 2019-05-24 | 2019-05-29 |
| CVE-2014-8085 | Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OS... | 6.8 - MEDIUM | 2015-01-05 | 2018-10-09 |
| CVE-2014-8084 | Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers ... | 7.5 - HIGH | 2015-01-05 | 2018-10-09 |
| CVE-2014-8083 | SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arb... | 7.5 - HIGH | 2015-01-05 | 2018-10-09 |
| CVE-2014-6308 | Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) ... | 5 - MEDIUM | 2014-10-20 | 2018-10-09 |
| CVE-2014-6280 | Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web sc... | 4.3 - MEDIUM | 2014-10-20 | 2018-10-09 |
| CVE-2012-5163 | Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to inject ... | 4.3 - MEDIUM | 2012-09-26 | 2017-08-29 |
| CVE-2012-5162 | Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remote attackers to execute ar... | 6.5 - MEDIUM | 2012-09-26 | 2017-08-29 |
| CVE-2012-0973 | Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via t... | 7.5 - HIGH | 2012-09-25 | 2012-09-26 |
Known software with vulnerabilities from Osclass
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Osclass | Osclass | 1.0 |