tianti_project CVE Vulnerabilities & Metrics

Focus on tianti_project vulnerabilities and metrics.

Last updated: 29 Jun 2025, 22:25 UTC

About tianti_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with tianti_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total tianti_project CVEs: 8
Earliest CVE date: 07 Nov 2018, 19:29 UTC
Latest CVE date: 10 Mar 2025, 22:15 UTC

Latest CVE reference: CVE-2025-27910

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 3

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical tianti_project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.62

Max CVSS: 6.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	6
4.0-6.9	2
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS tianti_project CVEs

These are the five CVEs with the highest CVSS scores for tianti_project, sorted by severity first and recency.

CVE-2018-19109 tianti_project Published on 08 Nov 2018, 08:29 UTC (CVSS: 6.5)
tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column.
CVE-2018-19110 tianti_project Published on 08 Nov 2018, 08:29 UTC (CVSS: 4.0)
The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controller\usercontroller.java maps a /skin/list request to the function skinList, and lacks an authorization check.
CVE-2018-19091 tianti_project Published on 07 Nov 2018, 19:29 UTC (CVSS: 3.5)
tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter.
CVE-2018-19090 tianti_project Published on 07 Nov 2018, 19:29 UTC (CVSS: 3.5)
tianti 2.3 has stored XSS in the article management module via an article title.
CVE-2018-19089 tianti_project Published on 07 Nov 2018, 19:29 UTC (CVSS: 3.5)
tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp.

All CVEs for tianti_project

CVE-2025-27910 tianti_project vulnerability CVSS: 0 10 Mar 2025, 22:15 UTC

tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request.

CVE-2025-25908 tianti_project vulnerability CVSS: 0 10 Mar 2025, 22:15 UTC

A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save.

CVE-2025-25907 tianti_project vulnerability CVSS: 0 10 Mar 2025, 22:15 UTC

tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request.

CVE-2018-19110 tianti_project vulnerability CVSS: 4.0 08 Nov 2018, 08:29 UTC

The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controller\usercontroller.java maps a /skin/list request to the function skinList, and lacks an authorization check.

CVE-2018-19109 tianti_project vulnerability CVSS: 6.5 08 Nov 2018, 08:29 UTC

tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column.

CVE-2018-19091 tianti_project vulnerability CVSS: 3.5 07 Nov 2018, 19:29 UTC

tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter.

CVE-2018-19090 tianti_project vulnerability CVSS: 3.5 07 Nov 2018, 19:29 UTC

tianti 2.3 has stored XSS in the article management module via an article title.

CVE-2018-19089 tianti_project vulnerability CVSS: 3.5 07 Nov 2018, 19:29 UTC

tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp.