Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: lomiri.lomiri-download-manager

Found 3 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-39615
created 1 month, 3 weeks ago Activity log
  • Created suggestion 1 month, 3 weeks ago
WordPress Download Manager plugin <= 3.3.53 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download Manager download-manager allows Stored XSS.This issue affects Download Manager: from n/a through <= 3.3.53.

Affected products

download-manager
  • =<3.3.53

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2026-39676
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
created 1 month, 3 weeks ago Activity log
  • Created suggestion 1 month, 3 weeks ago
WordPress Download Manager plugin <= 3.3.52 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through <= 3.3.52.

Affected products

download-manager
  • =<3.3.52

Matching in nixpkgs

Package maintainers

Dismissed
Permalink CVE-2022-45836
7.1 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Changed (C)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
updated 1 year, 4 months ago by @Erethon Activity log
  • Created suggestion 1 year, 4 months ago
  • @Erethon accepted 1 year, 4 months ago
  • @Erethon dismissed 1 year, 4 months ago
  • @Erethon accepted 1 year, 4 months ago
  • @Erethon dismissed 1 year, 4 months ago
WordPress Download Manager Plugin <= 3.2.59 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions.

Affected products

download-manager
  • =<3.2.59

Matching in nixpkgs

Package maintainers