Afian: community verdicts
4 notable / known-exploited Afian CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Afian CVE, see NVD ↗.
- CVE-2021-35504HIGH 7.2Real · low riskEPSS 3%
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.
- CVE-2021-35505HIGH 7.2Real · low riskEPSS 3%
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.
- CVE-2021-35506MED 6.1EPSS 1%
Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action.
- CVE-2021-35503MED 6.1EPSS 1%
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.