📦 Openatlas

by Craws


🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2025-51535

CRITICAL CVSS 9.1 Aug 4, 2025

OpenAtlas v8.11.0 contains an unrestricted SQL console in the admin UI that allows authenticated administrators to execute arbitrary SQL queries. This vulnerability enables complete database manipulat...

CVE-2025-51536

CRITICAL CVSS 9.8 Aug 4, 2025

OpenAtlas v8.11.0 contains a hardcoded administrator password, allowing attackers to gain full administrative access to the system. This affects all deployments using the vulnerable version, potential...

CVE-2025-60915

HIGH CVSS 8.1 Nov 24, 2025

This vulnerability allows attackers to perform path traversal attacks via the size query parameter in Openatlas's /views/file.py endpoint. Attackers can potentially read arbitrary files on the server,...

CVE-2025-51534

HIGH CVSS 8.1 Aug 4, 2025

This stored cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute OpenAtlas allows attackers to inject malicious scripts into the Name field, which are then executed when other...

CVE-2025-60917

MEDIUM CVSS 4.6 Nov 24, 2025

A reflected cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute Openatlas allows attackers to inject malicious scripts via the color parameter in the /overview/network/ endpo...

CVE-2025-60914

MEDIUM CVSS 4.6 Nov 24, 2025

This vulnerability allows attackers to bypass access controls in Austrian Archaeological Institute Openatlas by sending crafted GET requests to the /display_logo endpoint, potentially exposing sensiti...

CVE-2025-60916

MEDIUM CVSS 5.4 Nov 24, 2025

A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas allows attackers to inject malicious scripts via the charge param...

CVE-2025-56423

MEDIUM CVSS 5.3 Nov 24, 2025

This vulnerability in OpenAtlas v8.12.0 allows remote attackers to enumerate valid usernames through login error messages. Attackers can determine which accounts exist in the system by analyzing diffe...

CVE-2025-40708

MEDIUM CVSS 5.4 Aug 29, 2025

A stored Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 allows attackers to inject malicious scripts via the '/insert/event' endpoint's 'name' parameter. This could enable session hijack...

CVE-2025-40706

MEDIUM CVSS 5.4 Aug 29, 2025

A stored Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 allows remote attackers to inject malicious scripts via the 'name' parameter in POST requests to '/insert/source'. This could enab...

CVE-2025-40704

MEDIUM CVSS 5.4 Aug 29, 2025

A Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 allows remote attackers to inject malicious scripts via the 'name' parameter in POST requests to '/insert/edition'. This could enable ses...

CVE-2025-40702

MEDIUM CVSS 5.4 Aug 29, 2025

A stored Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 allows remote attackers to inject malicious scripts via the 'creator' and 'license_holder' parameters in POST requests to '/insert...