craws openatlas CVE Vulnerabilities (16)

CVEs: 16 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting craws openatlas (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 116 of 16 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2025-60917 A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter. [email protected] 4.6 0.18% 2025-11-24 2026-06-17
CVE-2025-60916 A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter. [email protected] 5.4 0.20% 2025-11-24 2026-06-17
CVE-2025-60915 An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request. [email protected] 8.1 0.37% 2025-11-24 2026-06-17
CVE-2025-60914 Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /display_logo endpoint. [email protected] 4.6 0.15% 2025-11-24 2026-06-17
CVE-2025-56423 An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages [email protected] 5.3 0.27% 2025-11-24 2026-06-17
CVE-2025-40709 Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the "/insert/person/<ID>” petition, "name" and "alias-0” parameters. [email protected] 5.1 0.20% 2025-08-29 2026-06-17
CVE-2025-40708 Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the "/insert/event" petition, "name" parameter. [email protected] 5.1 0.20% 2025-08-29 2026-06-17
CVE-2025-40707 Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the "/insert/place" petition, "name" and "alias-0” parameters. [email protected] 5.1 0.20% 2025-08-29 2026-06-17
CVE-2025-40706 Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the "/insert/source" petition, "name" parameter. [email protected] 5.1 0.20% 2025-08-29 2026-06-17
CVE-2025-40705 Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the "/insert/acquisition" petition, "name" parameter. [email protected] 5.1 0.20% 2025-08-29 2026-06-17
CVE-2025-40704 Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the "/insert/edition" petition, "name" parameter. [email protected] 5.1 0.20% 2025-08-29 2026-06-17
CVE-2025-40703 Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the "/insert/group" petition, "name" and "alias-0” parameters. [email protected] 5.1 0.20% 2025-08-29 2026-06-17
CVE-2025-40702 Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the "/insert/file" petition, "creator" and "license_holder" parameters. [email protected] 5.1 0.20% 2025-08-29 2026-06-17
CVE-2025-51535 Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability. [email protected] 9.1 0.42% 2025-08-04 2026-06-17
CVE-2025-51534 A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field. [email protected] 8.1 0.39% 2025-08-04 2026-06-17
CVE-2025-51536 Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded Administrator password. [email protected] 9.8 0.50% 2025-08-04 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence