Product
metersphere
21 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-62604
CVE-2025-53639
CVE-2024-37161
CVE-2024-36118
CVE-2024-32467
CVE-2023-50267
CVE-2023-41878
CVE-2023-38494
CVE-2023-37461
CVE-2023-35937
CVE-2023-32699
CVE-2023-29944
CVE-2023-30550
CVE-2023-25814
CVE-2023-25573
CVE-2022-46178
CVE-2022-23544
CVE-2022-23512
CVE-2021-45790
CVE-2021-45789
CVE-2021-45788
< 2.10.25
MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrar
< 3.6.5
MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts, the sortField parameter in certain API endp
< 1.10.1
MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site
< 2.10.15
MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view fun
< 2.10.14
MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can vie
< 2.10.10
MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, authenticated attackers can update re
< 2.10.7
MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI
< 2.10.4
MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of Me
< 2.10.3
Metersphere is an open source testing framework. Files uploaded to Metersphere may define a `belongType` value with a relative path
< 2.10.2
Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack perm
<= 2.9.1
MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. The `ch
all versions
Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at t
< 2.9.0
MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing
< 2.7.1
MeterSphere is an open source continuous testing platform. In versions prior to 2.7.1 a user who has permission to create a resour
< 1.20.19
MeterSphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in
< 2.5.1
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and per
< 2.5.0
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and per
< 2.4.1
MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in Api
all versions
An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to arbitrary di
all versions
An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server v
all versions
Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter.