webasyst CVE Vulnerabilities & CVE List (4)

Products (CPE): — CVEs: 4

webasyst vulnerability overview

Aggregates CVE and security vulnerability intelligence across all webasyst-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk cross-site scripting and vendor risk sql injection and related problems; some flaws may lead to vendor impact session compromise and vendor impact data exposure.

Vulnerability distribution trend (last 24 months)

CVE	Summary	Source	Max CVSS	EPSS %	Published	Updated
CVE-2024-27517	Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability, Attackers can create blogs containing malicious code after gaining blog permissions.	[email protected]	5.4	0.43%	2024-02-29	2024-12-16
CVE-2014-8377	Cross-site scripting (XSS) vulnerability in Webasyst Shop-Script 5.2.2.30933 allows remote attackers to inject arbitrary web script or HTML via the phone number field in a new contact to phpecom/index.php/webasyst/contacts/.	[email protected]	4.3	1.43%	2014-10-21	2026-05-06
CVE-2010-4859	SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote attackers to execute arbitrary SQL commands via the blog_id parameter in a news action.	[email protected]	7.5	1.18%	2011-10-05	2026-04-29
CVE-2010-1464	Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst Shop-Script FREE allow remote attackers to inject arbitrary web script or HTML via the (1) currency_id_left, (2) currency_id_right, (3) darkcolor, (4) lightcolor, (5) middlecolor, and (6) w parameters.	[email protected]	4.3	1.02%	2010-04-16	2026-04-29

cvelogic Threat Intelligence