Shodan
Vulnerabilities
Vulnerable Software
Humhub:  >> Humhub  >> 1.3.10  Security Vulnerabilities
CVE-2024-52043
Generation of Error Message Containing Sensitive InformationĀ in HumHub GmbH & Co. KG - HumHub on Linux allows: Excavation (user enumeration).This issue affects all released HumHub versions: through 1.16.2.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-11-06
CVE-2022-31133
HumHub is an Open Source Enterprise Social Network. Affected versions of HumHub are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, the attacker would need a permission to administer the Spaces feature. The names of individual "spaces" are not properly escaped and so an attacker with sufficient privilege could insert malicious javascript into a space name and exploit system users who visit that space. It is recommended that the HumHub is upgraded to 1.11.4, 1.10.5. There are no known workarounds for this issue.
CVSS Score
5.9
EPSS Score
0.003
Published
2022-07-07
CVE-2022-24865
HumHub is an Open Source Enterprise Social Network. In affected versions users who are forced to change their password by an administrator may retrieve other users' data. This issue has been resolved by commit `eb83de20`. It is recommended that the HumHub is upgraded to 1.11.0, 1.10.4 or 1.9.4. There are no known workarounds for this issue.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-04-20
CVE-2021-43847
HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-12-20
CVE-2019-9093
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-03-21
CVE-2019-9094
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-03-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved