Filtered by vendor Litespeed Technologies
Subscriptions
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-47855 | 1 Litespeed Technologies | 1 Openlitespeed | 2026-01-26 | 7.2 High |
| Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the Default Icon. | ||||
| CVE-2021-47903 | 1 Litespeed Technologies | 1 Litespeed Web Server | 2026-01-26 | 8.8 High |
| LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path traversal and bash command injection. | ||||
| CVE-2025-47437 | 2 Litespeed Technologies, Wordpress | 2 Litespeed Cache, Wordpress | 2025-09-11 | 6.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache. This issue affects LiteSpeed Cache: from n/a through 7.0.1. | ||||
| CVE-2024-47374 | 1 Litespeed Technologies | 1 Litespeed Cache | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 6.5.0.2. | ||||
| CVE-2024-47373 | 2 Litespeed Technologies, Wordpress | 2 Litespeed Cache, Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 6.5.0.2. | ||||
| CVE-2023-45000 | 2 Litespeed Technologies, Wordpress | 2 Litespeed Cache, Wordpress | 2025-07-12 | 8.2 High |
| Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects LiteSpeed Cache: from n/a through 5.7. | ||||
| CVE-2007-5654 | 1 Litespeed Technologies | 1 Litespeed Web Server | 2025-04-09 | N/A |
| LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection." | ||||
| CVE-2005-3695 | 1 Litespeed Technologies | 1 Litespeed Web Server | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter. | ||||
| CVE-2024-50550 | 1 Litespeed Technologies | 1 Litespeed Cache | 2024-10-29 | 8.1 High |
| Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through 6.5.1. | ||||
| CVE-2024-47637 | 1 Litespeed Technologies | 1 Litespeed Cache | 2024-10-16 | 8.8 High |
| : Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Path Traversal.This issue affects LiteSpeed Cache: from n/a through 6.4.1. | ||||
Page 1 of 1.