Browse all 3 CVE security advisories affecting arenaim. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Arenaim is a platform primarily used for application development and deployment, with a core focus on enabling rapid software prototyping and testing. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its three recorded CVEs. The platform's security characteristics include its complex architecture which often introduces multiple attack surfaces, though no major public security incidents have been widely reported. Its vulnerabilities typically stem from insufficient input validation and improper access controls, posing risks to organizations relying on it for development workflows.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-12526 | Arena.IM – Live Blogging for real-time events <= 0.4.1 - Cross-Site Request Forgery to Settings Update — Arena.IM – Live Blogging for real-time eventsCWE-352 | 4.3 | Medium | 2024-12-12 |
| CVE-2024-12463 | Arena.IM – Live Blogging for real-time events <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode — Arena.IM – Live Blogging for real-time eventsCWE-79 | 6.4 | Medium | 2024-12-12 |
| CVE-2024-11384 | Arena.IM – Live Blogging for real-time events <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Arena.IM – Live Blogging for real-time eventsCWE-79 | 6.4 | Medium | 2024-12-12 |
This page lists every published CVE security advisory associated with arenaim. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.