This page aggregates publicly disclosed CVE and security risk information related to armanidrisi, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-6144 | Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username. | [email protected] | 9.1 | 0.45% | 2023-11-21 | 2024-11-21 |
| CVE-2023-6142 | Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim. | [email protected] | 5.4 | 0.43% | 2023-11-21 | 2025-05-19 |