Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-57186 | 1 Erxes | 1 Erxes | 2025-06-20 | N/A | 5.4 MEDIUM |
| In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler. | |||||
| CVE-2024-57189 | 1 Erxes | 1 Erxes | 2025-06-20 | N/A | 5.4 MEDIUM |
| In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler. | |||||
| CVE-2024-57190 | 1 Erxes | 1 Erxes | 2025-06-20 | N/A | 9.8 CRITICAL |
| Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint. | |||||
| CVE-2021-32853 | 1 Erxes | 1 Erxes | 2024-11-21 | N/A | 6.1 MEDIUM |
| Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches. | |||||