enhavo/enhavo-app
Packagist3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting enhavo/enhavo-apppage 1 of 1
- CVE-2024-25874MEDIUMCVSS 5.4EG 5.42024-02-22
vulnerable: v0.3, v0.5, v0.7
A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field.
- CVE-2024-25875MEDIUMCVSS 6.1EG 6.12024-02-22
vulnerable: v0.3, v0.5, v0.7
A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field.
- CVE-2024-25876MEDIUMCVSS 6.1EG 6.12024-02-22
vulnerable: v0.3, v0.5, v0.7
A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.
Check whether enhavo/enhavo-app is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for enhavo/enhavo-app CVEs against the assets you own.
Start Free Scan →