Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

OpenLiteSpeed

Source -

CNA

CNA CVEs -

2

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2026-31386
Assigner-JPCERT/CC
ShareView Details
Assigner-JPCERT/CC
CVSS Score-8.6||HIGH
EPSS-0.22% / 44.42%
||
7 Day CHG~0.00%
Published-16 Mar, 2026 | 05:21
Updated-16 Mar, 2026 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege.

Action-Not Available
Vendor-LiteSpeed Technologies
Product-OpenLiteSpeedLSWS Enterprise
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-47855
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 12.77%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:27
Updated-05 Mar, 2026 | 01:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openlitespeed 1.7.9 - 'Notes' Stored Cross-Site Scripting

Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the Default Icon.

Action-Not Available
Vendor-LiteSpeed Technologies
Product-OpenLiteSpeed
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')