Aggregates CVE and security vulnerability intelligence across all onethird-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-5640 | Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors. | [email protected] | 9.8 | 3.09% | 2020-10-20 | 2024-11-21 |
| CVE-2017-2124 | Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php. | [email protected] | 6.1 | 0.27% | 2017-04-28 | 2026-05-13 |
| CVE-2017-2123 | Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php. | [email protected] | 6.1 | 0.32% | 2017-04-28 | 2026-05-13 |