This page aggregates publicly disclosed CVE and security risk information related to armanidrisi, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-6144 | Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username. | [email protected] | 9.1 | 0.45% | 2023-11-20 | 2026-06-17 |
| CVE-2023-6142 | Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim. | [email protected] | 5.4 | 0.43% | 2023-11-20 | 2026-06-17 |