Alma Blog

alma_blog

Vendor: Alma • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-1146 1Alma 1Alma Blog Oct 15, 2025 Mar 19, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Scripting vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an attacker to store a malicious JavaScript payload within the application by adding the...Show more Cross-Site Scripting vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an attacker to store a malicious JavaScript payload within the application by adding the payload to 'Community Description' or 'Community Rules'.Show less
CVE-2024-1145 1Alma 1Alma Blog Oct 15, 2025 Mar 19, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 User enumeration vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow a remote user to retrieve all valid users registered in the application just by looking at th...Show more User enumeration vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow a remote user to retrieve all valid users registered in the application just by looking at the request response.Show less
CVE-2024-1144 1Alma 1Alma Blog Oct 15, 2025 Mar 19, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Improper access control vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application's functionalities without the need f...Show more Improper access control vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application's functionalities without the need for credentials.Show less