openenergymonitor CVE Vulnerabilities & Metrics

Focus on openenergymonitor vulnerabilities and metrics.

Last updated: 21 Aug 2025, 22:25 UTC

About openenergymonitor Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with openenergymonitor. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total openenergymonitor CVEs: 4
Earliest CVE date: 12 Feb 2017, 04:59 UTC
Latest CVE date: 06 Feb 2025, 19:15 UTC

Latest CVE reference: CVE-2025-22992

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical openenergymonitor CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.02

Max CVSS: 4.3

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	2
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS openenergymonitor CVEs

These are the five CVEs with the highest CVSS scores for openenergymonitor, sorted by severity first and recency.

CVE-2021-26716 openenergymonitor Published on 21 Feb 2021, 06:15 UTC (CVSS: 4.3)
Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter.
CVE-2017-5964 openenergymonitor Published on 12 Feb 2017, 04:59 UTC (CVSS: 4.3)
An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "emoncms-master/Modules/vis/visualisations/compare.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2019-1010008 openenergymonitor Published on 15 Jul 2019, 02:15 UTC (CVSS: 3.5)
OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed mal. code). The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "My Account" page. File: Lib/listjs/list.js, line 67. The attack vector is: unknown, victim must o...
CVE-2025-22992 openenergymonitor Published on 06 Feb 2025, 19:15 UTC (CVSS: 0)
A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project >= 11.6.9. The vulnerability is caused by improper handling of user-supplied input in the data query parameter, allowing attackers to execute arbitrary SQL commands under specific conditions.

All CVEs for openenergymonitor

CVE-2025-22992 openenergymonitor vulnerability CVSS: 0 06 Feb 2025, 19:15 UTC

A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project >= 11.6.9. The vulnerability is caused by improper handling of user-supplied input in the data query parameter, allowing attackers to execute arbitrary SQL commands under specific conditions.

CVE-2021-26716 openenergymonitor vulnerability CVSS: 4.3 21 Feb 2021, 06:15 UTC

Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter.

CVE-2019-1010008 openenergymonitor vulnerability CVSS: 3.5 15 Jul 2019, 02:15 UTC

OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed mal. code). The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "My Account" page. File: Lib/listjs/list.js, line 67. The attack vector is: unknown, victim must open profile page if persistent was possible.

CVE-2017-5964 openenergymonitor vulnerability CVSS: 4.3 12 Feb 2017, 04:59 UTC

An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "emoncms-master/Modules/vis/visualisations/compare.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.