48 matches found
CVE-2022-25511
FreeTAKServer-UI v1.9.8 contains a path traversal vulnerability in the ?filename= parameter of the /DataPackageTable route that can allow attackers to place arbitrary files on the system. This is documented across multiple sources (CVE-2022-25511 and related advisories). The exact root cause is n...
CVE-2022-25506
CVE-2022-25506 concerns FreeTAKServer-UI v1.9.8 with a reported SQL injection vulnerability in the API endpoint /AuthenticateUser . Multiple connected sources confirm the flaw stems from improper neutralization of SQL commands against the SQLite3 database, enabling an attacker to access sensitive...
CVE-2022-25506
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...
CVE-2022-25507
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...
CVE-2022-25506
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...
CVE-2022-25507
CVE-2022-25507 affects FreeTAKServer-UI (v1.9.8) with a stored XSS vulnerability exploitable via the Callsign parameter. The connected sources confirm the vulnerability but do not provide exploitation details, affected versions beyond v1.9.8, or a published patch/mitigation. No root-cause or impa...
CVE-2022-25507
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...
FreeTAKServer-UI 跨站脚本漏洞
FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam. FreeTAKServer-UI has a cross-site scripting vulnerability that originates from the Callsign parameter, and no detailed vulnerability details are currently available...