Aggregates CVE and security vulnerability intelligence across all easyxdm-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk cross-site scripting, with potential vendor impact session compromise across vendor surface software deployment and vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-27739 | easyXDM 2.5 allows XSS via the xdm_e parameter. | [email protected] | 6.1 | 0.19% | 2024-01-08 | 2025-06-18 |
| CVE-2013-5212 | Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or html via the easyxdm.swf file. | [email protected] | 6.1 | 0.30% | 2020-02-14 | 2024-11-21 |
| CVE-2014-1403 | Cross-site scripting (XSS) vulnerability in name.html in easyXDM before 2.4.19 allows remote attackers to inject arbitrary web script or HTML via the location.hash value. | [email protected] | 4.3 | 0.80% | 2014-02-05 | 2026-04-29 |