Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.32%
Published
2014-04-25
Updated
2014-04-25
Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.
Max CVSS
9.8
EPSS Score
0.21%
Published
2020-02-04
Updated
2020-02-12
Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name.
Max CVSS
3.5
EPSS Score
0.07%
Published
2012-08-12
Updated
2012-08-13
The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.32%
Published
2012-08-12
Updated
2012-08-13
The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call.
Max CVSS
5.0
EPSS Score
0.34%
Published
2012-08-12
Updated
2012-08-13
The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions.
Max CVSS
6.4
EPSS Score
0.31%
Published
2012-08-12
Updated
2012-08-13
The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request.
Max CVSS
6.4
EPSS Score
0.22%
Published
2012-08-12
Updated
2012-08-13
Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id.
Max CVSS
7.5
EPSS Score
0.12%
Published
2012-08-12
Updated
2012-08-13
Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to _get_countries functions.
Max CVSS
7.5
EPSS Score
0.12%
Published
2012-08-12
Updated
2012-08-13
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php.
Max CVSS
7.5
EPSS Score
0.37%
Published
2012-08-12
Updated
2012-08-13
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php.
Max CVSS
7.5
EPSS Score
0.19%
Published
2012-08-12
Updated
2012-08-13
11 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!