Aggregates CVE and security vulnerability intelligence across all hadsky-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk cross-site scripting and vendor risk csrf, with potential vendor impact session compromise across vendor surface production workloads and vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-30886 | A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter. | [email protected] | 5.4 | 0.08% | 2024-04-23 | 2025-05-21 |
| CVE-2024-30885 | Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3, allows remote attackers to execute arbitrary code and obtain sensitive information via the chklogin.php component . | [email protected] | 6.1 | 0.26% | 2024-04-11 | 2025-05-21 |
| CVE-2023-46428 | An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code via a crafted file. | [email protected] | 8.8 | 0.17% | 2023-11-01 | 2024-11-21 |
| CVE-2023-3579 | A vulnerability, which was classified as problematic, has been found in HadSky 7.11.8. Affected by this issue is some unknown functionality of the component User Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233372. | [email protected] | 4.3 | 0.18% | 2023-07-10 | 2024-11-21 |
| CVE-2023-1685 | A vulnerability was found in HadSky up to 7.11.8. It has been declared as critical. This vulnerability affects unknown code of the file /install/index.php of the component Installation Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224242 is the identifier assigned to this vulnerability. | [email protected] | 6.3 | 5.79% | 2023-03-29 | 2024-11-21 |
| CVE-2023-1684 | A vulnerability was found in HadSky 7.7.16. It has been classified as problematic. This affects an unknown part of the file upload/index.php?c=app&a=superadmin:index. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224241 was assigned to this vulnerability. | [email protected] | 4.7 | 0.46% | 2023-03-29 | 2024-11-21 |