Vvveb Vvvebjs vulnerabilities
7 known vulnerabilities affecting vvveb/vvvebjs.
Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2024-29272P2MEDIUMCVSS 6.5PoCfixed in 1.7.52024-03-22
CVE-2024-29272 [MEDIUM] CWE-434 CVE-2024-29272: Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote a
Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.
ghsanvdosv
CVE-2024-27480P3CRITICALCVSS 9.8v1.7.22025-12-29
CVE-2024-27480 [CRITICAL] CWE-434 CVE-2024-27480: givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload.
givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload.
nvd
CVE-2024-25182P3CRITICALCVSS 9.8v1.7.22025-12-29
CVE-2024-25182 [CRITICAL] CWE-434 CVE-2024-25182: givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php.
givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php.
nvd
CVE-2024-25181P3CRITICALCVSS 9.1≤ 1.7.42025-12-29
CVE-2024-25181 [CRITICAL] CWE-918 CVE-2024-25181: A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side
A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" function within the "save.php" file.
nvd
CVE-2024-25183P3HIGHCVSS 7.5v1.7.22025-12-29
CVE-2024-25183 [HIGH] CWE-22 CVE-2024-25183: givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php.
givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php.
nvd
CVE-2025-8522P4MEDIUMCVSS 5.0≤ 2.0.42025-08-04
CVE-2025-8522 [MEDIUM] CWE-22 CVE-2025-8522: A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Affected
A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Affected is an unknown function of the file /save.php of the component node.js. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to
nvd
CVE-2024-29271P4MEDIUMCVSS 6.1fixed in 1.7.72024-03-22
CVE-2024-29271 [MEDIUM] CWE-79 CVE-2024-29271: Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote at
Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php.
ghsanvdosv