7 matches found
EUVD-2024-25231
Malicious code in bioql PyPI...
CVE-2024-28063
Kiteworks Totemomail through 7.0.0 allows /responsiveUI/EnvelopeOpenServlet envelopeRecipient reflected XSS...
CVE-2024-28064
Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations with displayLoginChunkedImages and write operations with storeLoginChunkedImages...
CVE-2024-28064
Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations with displayLoginChunkedImages and write operations with storeLoginChunkedImages...
CVE-2024-28064
Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations with displayLoginChunkedImages and write operations with storeLoginChunkedImages...
PT-2024-22244 · Kiteworks · Kiteworks Totemomail
Name of the Vulnerable Software and Affected Versions: Kiteworks Totemomail versions through 7.0.0 Description: The issue allows for reflected XSS through the /responsiveUI/EnvelopeOpenServlet endpoint, specifically targeting the envelopeRecipient parameter. This enables potential attackers to...
PT-2024-22245 · Kiteworks · Kiteworks Totemomail
Name of the Vulnerable Software and Affected Versions: Kiteworks Totemomail versions 7.x through 8.2.1 Description: The issue allows for directory traversal, enabling unauthenticated file read and delete operations, as well as write operations, through the /responsiveUI/EnvelopeOpenServlet...