Erxes

erxes

4 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-57190 1Erxes 1Erxes Jun 20, 2025 Jun 10, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint.
CVE-2024-57189 1Erxes 1Erxes Jun 20, 2025 Jun 10, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler.
CVE-2024-57186 1Erxes 1Erxes Jun 20, 2025 Jun 10, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.
CVE-2021-32853 1Erxes 1Erxes Nov 21, 2024 Feb 20, 2023 N/A· v4 9.6 CRITICAL· v3 N/A· v2 Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link o...Show more Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches.Show less