Vulnerabilities (CVE)

Filtered by vendor Onenav Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-7210 1 Onenav 1 Onenav 2024-11-21 7.5 HIGH 7.3 HIGH
A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects an unknown part of the file /index.php?c=api of the component API. The manipulation of the argument X-Token leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249765 was assigned to this vulnerability.
CVE-2022-26276 1 Onenav 1 Onenav 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal.
CVE-2021-38712 1 Onenav 1 Onenav 2024-11-21 5.0 MEDIUM 7.5 HIGH
OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file.
CVE-2021-38138 1 Onenav 1 Onenav 2024-11-21 3.5 LOW 5.4 MEDIUM
OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release.