CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2021/07/30 2:15 p.m.•13 views

Server side request forgery (ssrf)

Server-side request forgery SSRF vulnerability in GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 allows a remote...

4CVSS4.6AI score0.00134EPSS

Prion•added 2021/07/30 2:15 p.m.•9 views

Cross site scripting

Cross-site scripting vulnerability in GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 allows a remote attacker to inject...

3.5CVSS5.3AI score0.00214EPSS

Prion•added 2021/07/30 2:15 p.m.•11 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 allows a remote attacke...

4.3CVSS5.1AI score0.00092EPSS

Cvelist•added 2021/07/28 12:45 a.m.•13 views

CVE-2021-20789

6.3AI score0.00274EPSS

CVE•added 2021/07/28 12:45 a.m.•60 views

CVE-2021-20789

Open redirect vulnerability CVE-2021-20789 affects GroupSession products: Free edition (versions up to 5.0.x), byCloud (up to 5.0.x), and ZION (up to 5.0.x). Root cause involves improper handling of URLs allowing an attacker to redirect victims to arbitrary sites via a specially crafted URL, enab...

6.1CVSS6.1AI score0.00274EPSS

CVE•added 2021/07/28 12:45 a.m.•49 views

CVE-2021-20788

CVE-2021-20788 is a confirmed SSRF vulnerability in GroupSession products. A remote authenticated attacker can cause the server to perform a port scan from the affected appliance and/or reveal information from the internal Web server. Affected are GroupSession Free edition (versions before 5.1.0)...

4.3CVSS4.7AI score0.00134EPSS

Cvelist•added 2021/07/28 12:45 a.m.•14 views

CVE-2021-20788

5AI score0.00134EPSS

Cvelist•added 2021/07/28 12:45 a.m.•10 views

CVE-2021-20787

5.5AI score0.00214EPSS

CVE•added 2021/07/28 12:45 a.m.•49 views

CVE-2021-20787

CVE-2021-20787 is a cross-site scripting vulnerability in GroupSession products (Free edition 2.2.0–pre-5.1.0, byCloud 3.0.3–pre-5.1.0, ZION 3.0.3–pre-5.1.0). The flaw enables an attacker to inject arbitrary scripts by sending a specially crafted request to a specific URL. Some sources describe t...

4.8CVSS5.3AI score0.00214EPSS

Cvelist•added 2021/07/28 12:45 a.m.•9 views

CVE-2021-20786

5.5AI score0.00092EPSS

CVE•added 2021/07/28 12:45 a.m.•83 views

CVE-2021-20786

CVE-2021-20786 describes a cross-site request forgery (CSRF) in GroupSession products: Free edition (versions before 5.1.0), byCloud (before 5.1.0), and ZION (before 5.1.0). The issue allows a remote attacker to hijack administrator authentication via a specially crafted URL. The root cause is a ...

4.3CVSS5.2AI score0.00092EPSS

Cvelist•added 2021/07/28 12:45 a.m.•10 views

CVE-2021-20785

5.5AI score0.00214EPSS

CVE•added 2021/07/28 12:45 a.m.•45 views

CVE-2021-20785

CVE-2021-20785 is a Cross-site Scripting vulnerability in GroupSession (Japan Total System GroupSession) affecting Free edition (ver2.2.0–pre-5.1.0), GroupSession byCloud (ver3.0.3–pre-5.1.0), and GroupSession ZION (ver3.0.3–pre-5.1.0). The root cause is input handling that allows a remote attack...

4.8CVSS5.3AI score0.00214EPSS

Japan Vulnerability Notes•added 2021/07/19 6:41 a.m.•4 views

Multiple vulnerabilities in GroupSession

Overview GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20785 Cross-site request forgery CWE-352 - CVE-2021-20786 Cross-site scripting vulnerability CWE-79 - CVE-2021-20787 Sever-side reques...

6.1CVSS6.6AI score0.00274EPSS

Exploits0References15

CNNVD•added 2021/07/19 12:0 a.m.•2 views

Japan Total System GroupSession 输入验证错误漏洞

Japan Total System GroupSession is a groupware project from Japan Total System, Inc. that facilitates business and organizational communication and is designed to promote information sharing. An input validation error vulnerability exists in Total System GroupSession that could allow a remote...

6.1CVSS6AI score0.00274EPSS

CNNVD•added 2021/07/19 12:0 a.m.•2 views

Japan Total System GroupSession 跨站脚本漏洞

Japan Total System GroupSession is a groupware project from Japan Total System, Inc. that facilitates business and organizational communication and is designed to promote information sharing. A cross-site scripting vulnerability exists in Total System GroupSession, which can be triggered by an...

4.8CVSS5.1AI score0.00214EPSS

CNNVD•added 2021/07/19 12:0 a.m.•2 views

Japan Total System GroupSession 跨站请求伪造漏洞

Japan Total System GroupSession is a groupware project from Japan Total System, Inc. that facilitates business and organizational communication and is designed to promote information sharing. A cross-site request forgery vulnerability exists in Total System GroupSession, where product settings...

4.3CVSS5.1AI score0.00092EPSS

CNNVD•added 2021/07/19 12:0 a.m.•3 views

Japan Total System GroupSession 代码问题漏洞

Japan Total System GroupSession is a groupware project from Japan Total System, Inc. that facilitates business and organizational communication and is designed to promote information sharing. Total System GroupSession is vulnerable to a code issue that could allow a user with access to the softwa...

4.3CVSS5.3AI score0.00134EPSS