CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49489
https://notcve.org/view.php?id=CVE-2023-49489
19 Dec 2023 — Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php. Vulnerabilidad de Cross Site Scripting (XSS) Reflejado en KodeExplorer versión 4.51 permite a los atacantes obtener información confidencial y escalar privilegios a través del parámetro APP_HOST en config/i18n/en/main.php. • https://github.com/kalcaddle/KodExplorer/issues/526 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6853 – kalcaddle KodExplorer app.php index server-side request forgery
https://notcve.org/view.php?id=CVE-2023-6853
16 Dec 2023 — A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6852 – kalcaddle KodExplorer app.php server-side request forgery
https://notcve.org/view.php?id=CVE-2023-6852
16 Dec 2023 — A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6851 – kalcaddle KodExplorer ZIP Archive app.php unzipList code injection
https://notcve.org/view.php?id=CVE-2023-6851
16 Dec 2023 — A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been rated as critical. This issue affects the function unzipList of the file plugins/zipView/app.php of the component ZIP Archive Handler. The manipulation leads to code injection. The attack may be initiated remotely. • https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6850 – kalcaddle KodExplorer API Endpoint unrestricted upload
https://notcve.org/view.php?id=CVE-2023-6850
16 Dec 2023 — A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted upload. • https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36646
https://notcve.org/view.php?id=CVE-2021-36646
06 Sep 2023 — A Cross Site Scrtpting (XSS) vulnerability in KodExplorer 4.45 allows remote attackers to run arbitrary code via /index.php page. Una vulnerabilidad de Cross Site Scrtpting (XSS) en KodExplorer 4.45 permite a los atacantes remotos ejecutar código arbitrario a través de la página /index.php. • https://github.com/kalcaddle/KodExplorer/issues/482 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37153
https://notcve.org/view.php?id=CVE-2023-37153
10 Jul 2023 — KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability in the Description box of the Light App creation feature. An attacker can exploit this vulnerability by injecting XSS syntax into the Description field. • https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/KodExplorer4.51.03.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 4CVE-2022-4944 – kalcaddle KodExplorer cross-site request forgery
https://notcve.org/view.php?id=CVE-2022-4944
21 Apr 2023 — A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://www.exploit-db.com/exploits/51388 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46154 – Arbitrary file access in KodExplorer
https://notcve.org/view.php?id=CVE-2022-46154
06 Dec 2022 — Kodexplorer is a chinese language web based file manager and browser based code editor. Versions prior to 4.50 did not prevent unauthenticated users from requesting arbitrary files from the host OS file system. As a result any files available to the host process may be accessed by arbitrary users. This issue has been addressed in version 4.50. Users are advised to upgrade. • https://github.com/kalcaddle/KodExplorer/commit/1f7072c0e12150686f10ee8cda82c004f04be98c • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •