Oxidized Web Project Oxidized Web vulnerabilities
2 known vulnerabilities affecting oxidized_web_project/oxidized_web.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-27590P2CRITICALCVSS 9.8fixed in 0.15.02025-03-03
CVE-2025-27590 [CRITICAL] CWE-22 CVE-2025-27590: In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticate
In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web.
nvd
CVE-2019-25088P4MEDIUMCVSS 5.4fixed in 2019-07-012022-12-27
CVE-2019-25088 [MEDIUM] CWE-79 CVE-2019-25088: A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is a
A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the argument to_research leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 55ab9bdc68b03ebce9280b8746ef31d7f
nvd