CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Humhub: >> Humhub Security Vulnerabilities

CVE-2016-1229

Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS Score

5.4

EPSS Score

0.003

Published

2016-06-05

CVE-2014-9528

SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error.

CVSS Score

7.5

EPSS Score

0.024

Published

2015-01-06

Page 2

Vulnerabilities

Vulnerable Software

Humhub: >> Humhub Security Vulnerabilities

Products

Pricing

Contact Us