Aggregates CVE and security vulnerability intelligence across all bedita-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk cross-site scripting and vendor risk sql injection; exposure may include vendor impact session compromise and vendor impact data exposure in vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-15570 | BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters. | [email protected] | 9.8 | 0.26% | 2019-08-26 | 2024-11-21 |
| CVE-2015-9260 | An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI. | [email protected] | 5.4 | 0.25% | 2018-07-05 | 2024-11-21 |
| CVE-2015-6809 | Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection. | [email protected] | 4.3 | 3.50% | 2015-09-04 | 2026-05-06 |
| CVE-2015-1040 | Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) "note text" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/v | [email protected] | 3.5 | 0.35% | 2015-01-15 | 2026-05-06 |