Http Commander

http_commander

Vendor: Element It • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-24573 1Element It 1Http Commander Nov 21, 2024 Mar 3, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field.
CVE-2021-40813 1Element It 1Http Commander Nov 21, 2024 Jan 13, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames.
CVE-2021-33213 1Element It 1Http Commander Nov 21, 2024 Jul 14, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal addres...Show more An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address.Show less
CVE-2021-33212 1Element It 1Http Commander Nov 21, 2024 Jul 14, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A Cross-site scripting (XSS) vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image.
CVE-2021-33211 1Element It 1Http Commander Nov 21, 2024 Jul 14, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives.