cvebase

Kallithea-Scm Kallithea vulnerabilities

5 known vulnerabilities affecting kallithea-scm/kallithea.

Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 3

Vulnerabilities

CVE-2015-5285 | P3 | MEDIUM | CVSS 5.0 | PoC | ≤ 0.2 | 2015-10-29
CVE-2015-5285 [MEDIUM]: CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.
Sources: ghsa, nvd, osv
CVE-2016-3691 | P3 | HIGH | CVSS 8.8 | ≤ 0.3.1 | 2017-04-24
CVE-2016-3691 [HIGH] CWE-352: Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method.
Sources: ghsa, nvd, osv
CVE-2015-0276 | P4 | HIGH | CVSS 8.8 | ≤ 0.1 | 2017-09-21
CVE-2015-0276 [HIGH] CWE-352: Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2.
Sources: ghsa, nvd, osv
CVE-2015-1864 | P4 | MEDIUM | CVSS 5.4 | v0.1, v0.2 | 2017-09-19
CVE-2015-1864 [MEDIUM] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description.
Sources: ghsa, nvd, osv
CVE-2015-0260 | P4 | MEDIUM | CVSS 4.0 | v0.1 | 2015-02-16
CVE-2015-0260 [MEDIUM] CWE-200: RhodeCode before 2.2.7 and Kallithea 0.1 allow remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.
Sources: ghsa, nvd, osv