Aggregates CVE and security vulnerability intelligence across all vivvo-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting, vendor risk csrf, and vendor risk path handling and related problems; some flaws may lead to vendor impact file overwrite and vendor impact session compromise.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2009-3787 | files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence. | [email protected] | 5.0 | 4.19% | 2009-10-26 | 2026-04-23 |
| CVE-2008-6801 | Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before 4.0.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | [email protected] | 4.4 | 0.06% | 2009-05-07 | 2026-04-23 |
| CVE-2009-0466 | Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 allows remote attackers to inject arbitrary web script or HTML via a URI that triggers a 404 Page Not Found response. | [email protected] | 4.3 | 0.30% | 2009-02-10 | 2026-04-23 |