CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3790 – baseweb JSite Apache Druid Monitoring Console index.html access control
https://notcve.org/view.php?id=CVE-2025-3790
18 Apr 2025 — A vulnerability classified as critical has been found in baseweb JSite 1.0. This affects an unknown part of the file /druid/index.html of the component Apache Druid Monitoring Console. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.305613 • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3789 – baseweb JSite save cross site scripting
https://notcve.org/view.php?id=CVE-2025-3789
18 Apr 2025 — A vulnerability was found in baseweb JSite 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /a/sys/area/save. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. • https://vuldb.com/?id.305612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3788 – baseweb JSite save cross site scripting
https://notcve.org/view.php?id=CVE-2025-3788
18 Apr 2025 — A vulnerability was found in baseweb JSite 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /a/sys/user/save. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. • https://vuldb.com/?id.305611 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2008-7301 – jsite 1.0 oe - SQL Injection / Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-7301
05 Oct 2011 — SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de inyección SQL en admin/login.php de jSite 1.0 OE. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro username. NOTA: la procedencia de esta información es desconocida; los detalles han sido obt... • https://www.exploit-db.com/exploits/6057 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2008-3192 – jsite 1.0 oe - SQL Injection / Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-3192
16 Jul 2008 — Directory traversal vulnerability in index.php in jSite 1.0 OE allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. Vulnerabilidad de salto de directorio en index.php de jSite 1.0 OE, permite a atacante remotos incluir y ejecutar archivos en local arbitrariamente a través de un .. (punto punto) en el parámetro module. • https://www.exploit-db.com/exploits/6057 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2008-3193 – jsite 1.0 oe - SQL Injection / Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-3193
16 Jul 2008 — SQL injection vulnerability in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the page parameter to the default URI. Vulnerabilidad de inyección SQL en jSite 1.0 OE permite a atacantes remotos ejecutar comandos SQL arbitrariamente a través del parámetro page de la URI por defecto. • https://www.exploit-db.com/exploits/6057 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •