CVE Tools

vignette

Web & CMS Pluginscommercial

10

Cumulative CVEs

3

Monthly snapshots

#2

Peak rank

Top products

application portal1

Latest CVEs

The 12 most recently published vulnerabilities affecting vignette.

CVE-2018-18941In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=...9.8Jan 31, 2019
CVE-2008-6412Unspecified vulnerability in Vignette Content Management 7.3.0.5, 7.3.1, 7.3.1.1, 7.4, and 7.5 allows "low privileged" users to gain administrator privileges via unknown attack vectors.7.5Mar 6, 2009
CVE-2004-0917The default installation of Vignette Application Portal installs the diagnostic utility without authentication requirements, which allows remote attackers to gain sensitive information, such as ser...5.0Nov 19, 2004
CVE-2002-0385Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain sensitive information via a request that contains a large number of '"' (double quote) and and '>' characters, which causes the T...5.0Apr 16, 2004
CVE-2003-0405Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that i...5.0Jun 11, 2003
CVE-2003-0404Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demo...4.3Jun 11, 2003
CVE-2003-0403Vignette StoryServer 5 and Vignette V/5 allows remote attackers to read and modify license information, and cause a denial of service (service halt) by directly accessing the /vgn/license template.7.5Jun 11, 2003
CVE-2003-0402The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid userna...5.0Jun 11, 2003
CVE-2003-0401Vignette StoryServer and Vignette V/5 allows remote attackers to obtain sensitive information via a request for the /vgn/style template.5.0Jun 11, 2003
CVE-2003-0400Vignette StoryServer and Vignette V/5 does not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the "-->" string...5.0Jun 11, 2003
CVE-2003-0399Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allows remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and dire...6.4Jun 11, 2003
CVE-2003-0398Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled, allows remote attackers to execute arbitrary code via a text variable to a Vignette Application that is la...7.5Jun 11, 2003