Rodney Rehm

5 exploits Active since Sep 2018
CVE-2018-13982 WRITEUP HIGH WRITEUP
Smarty < 3.1.33 - Path Traversal via Trusted Resource Directory Bypass
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
CVSS 7.5
CVE-2022-0868 WRITEUP MEDIUM WRITEUP
uri.js < 1.19.10 - Open Redirect
Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10.
CVSS 6.1
CVE-2022-1233 WRITEUP MEDIUM WRITEUP
URI.js <1.19.11 - URL Confusion When Scheme Is Missing
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11.
CVSS 6.1
CVE-2022-1243 WRITEUP MEDIUM WRITEUP
uri.js < 1.19.11 - Cross-Site Scripting via CRHTLF Protocol Extraction
CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11.
CVSS 6.1
CVE-2022-24723 WRITEUP MEDIUM WRITEUP
URI.js <1.19.9 - URL Parsing Confusion via Leading Whitespace
URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse can be used as a workaround.
CVSS 5.3