Browse all 3 CVE security advisories affecting josevega. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Josevega primarily develops web applications and APIs for enterprise clients, with a core focus on business process automation. Historically, their products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and misconfigured access controls. While no major public security incidents have been documented, the three CVEs associated with josevega highlight consistent patterns of insecure coding practices, particularly in authentication mechanisms and data handling. Their security posture appears reactive rather than proactive, with fixes typically deployed only after vulnerabilities are disclosed.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-6996 | Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Code Injection — Display custom fields in the frontend – Post and User Profile Fields (CWE-94) | 8.8 | High | 2024-02-05 |
| CVE-2023-6982 | Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via vg_display_data — Display custom fields in the frontend – Post and User Profile Fields (CWE-79) | 6.4 | Medium | 2024-02-05 |
| CVE-2023-6983 | Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta Disclosure — Display custom fields in the frontend – Post and User Profile Fields (CWE-639) | 4.3 | Medium | 2024-02-05 |

This page lists every published CVE security advisory associated with josevega. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.