Montala: >> Resourcespace >> 3.8 Security Vulnerabilities
In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value.
CVSS Score
6.5
EPSS Score
0.139
Published
2022-07-17
ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim's browser.
CVSS Score
6.1
EPSS Score
0.55
Published
2021-11-15
SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2015-09-11
Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter.
CVSS Score
7.5
EPSS Score
0.458
Published
2015-06-09
ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.002
Published
2011-11-19