Lucene search
K

196 matches found

AlpineLinux
AlpineLinux
added 2024/02/21 4:15 p.m.22 views

CVE-2022-45179

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user authenticated to the product can store arbitrary HTML code in the...

5.4CVSS6.6AI score0.00397EPSS
Exploits0
Prion
Prion
added 2024/02/21 4:15 p.m.21 views

Design/Logic Flaw

An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search=NAME+SURNAME endpoint, and the /login endpoint. The web application provides different...

6.8AI score0.00539EPSS
Exploits0References1
Prion
Prion
added 2024/02/21 4:15 p.m.25 views

Cross site scripting

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user authenticated to the product can store arbitrary HTML code in the...

6.5AI score0.00397EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/21 12:0 a.m.5 views

LIVEBOX Collaboration vDesk Security Vulnerability

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk v031 and prior versions, which stems from a redirection via the /api/v1/notification/createnotification endpoint that allows an authenticated user to send arbitrary push...

5.9CVSS6.8AI score0.00265EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/21 12:0 a.m.5 views

PT-2024-11692 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v031 Description: An issue was discovered in LIVEBOX Collaboration vDesk, where an Observable Response Discrepancy can occur under the "/api/v1/vdeskintegration/user/isenableuser" endpoint, the...

7.5CVSS6.6AI score0.00539EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/02/21 12:0 a.m.24 views

CVE-2022-45169

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...

5.7AI score0.00265EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/21 12:0 a.m.16 views

CVE-2022-45177

An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search=NAME+SURNAME endpoint, and the /login endpoint. The web application provides different...

6.6AI score0.00539EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/21 12:0 a.m.7 views

PT-2024-11693 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v031 Description: A basic XSS issue exists under the "/api/v1/vdeskintegration/todo/createorupdate" endpoint via the title parameter and "/dashboard/reminders". A remote user, authenticated to the...

5.4CVSS6AI score0.00397EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/02/21 12:0 a.m.7 views

LIVEBOX Collaboration vDesk Cross-Site Scripting Vulnerability

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A cross-site scripting vulnerability exists in LIVEBOX Collaboration vDesk v031 and earlier versions, which stems from a cross-site scripting vulnerability in the title and /dashboard/reminders parameters of the...

5.4CVSS6.1AI score0.00397EPSS
Exploits0References2
CVE
CVE
added 2024/02/21 12:0 a.m.692 views

CVE-2022-45177

LIVEBOX Collaboration vDesk (through v031) is affected. A vulnerability described as an Observable Response Discrepancy occurs on /api/v1/vdeskintegration/user/isenableuser, /api/v1/sharedsearch?search={NAME]+{SURNAME], and /login, where the web app reveals internal state information to unauthori...

7.5CVSS7.3AI score0.00539EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/21 12:0 a.m.698 views

CVE-2022-45179

LIVEBOX Collaboration vDesk (through v031) has a basic XSS vulnerability in the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter, and in /dashboard/reminders. A remote authenticated user can inject arbitrary HTML into the reminder title, potentially corrupting the pag...

5.4CVSS5.4AI score0.00397EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/21 12:0 a.m.696 views

CVE-2022-45169

CVE-2022-45169 affects LIVEBOX Collaboration vDesk (through v031). It describes an Open Redirect: an authenticated user can trigger a URL redirection via /api/v1/notification/createnotification to send a push notification to another user that can include an invisible clickable link. Reported metr...

5.9CVSS5.4AI score0.00265EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/02/21 12:0 a.m.6 views

LIVEBOX Collaboration vDesk Security Vulnerability

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk v031 and later versions, which originates in the /api/v1/vdeskintegration/user/isenableuser, /login endpoints that provide different responses to incoming requests,...

7.5CVSS6.6AI score0.00539EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/21 12:0 a.m.35 views

CVE-2022-45179

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user authenticated to the product can store arbitrary HTML code in the...

6.3AI score0.00397EPSS
Exploits0References1
NVD
NVD
added 2023/04/14 2:15 p.m.33 views

CVE-2022-45174

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by...

9.8CVSS9.6AI score0.01033EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2023/04/14 2:15 p.m.17 views

CVE-2022-45178

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A...

8.8CVSS8.9AI score0.00964EPSS
Exploits1References1
OSV
OSV
added 2023/04/14 2:15 p.m.5 views

CVE-2022-45170

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user...

6.5CVSS5.8AI score0.00444EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2023/04/14 2:15 p.m.28 views

CVE-2022-45170

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user...

6.5CVSS6.5AI score0.00444EPSS
Exploits1References1
OSV
OSV
added 2023/04/14 2:15 p.m.5 views

CVE-2022-45174

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by...

9.8CVSS5.8AI score0.01033EPSS
Exploits1References1
NVD
NVD
added 2023/04/14 2:15 p.m.21 views

CVE-2022-45170

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user...

6.5CVSS6.4AI score0.00444EPSS
Exploits1References1
Rows per page
Query Builder