CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

178 matches found

Cvelist•added 2024/06/11 2:7 p.m.•17 views

CVE-2024-37161 MeterSphere front-end editor stores XSS vulnerability

MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue...

4CVSS0.00441EPSS

Exploits1References1

CVE•added 2024/06/11 2:7 p.m.•56 views

CVE-2024-37161

MeterSphere front-end editor stores cross-site scripting (XSS) vulnerabilities prior to version 1.10.1-lts due to insufficient filtering/escaping of user-supplied data in the step editor. The issue is fixed in version 1.10.1-lts. Multiple feeds (Red Hat, CNVD, CVE lists) corroborate the vulnerabi...

6.1CVSS4.1AI score0.00441EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2024/06/11 2:7 p.m.•16 views

CVE-2024-37161 MeterSphere front-end editor stores XSS vulnerability

MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue...

4CVSS6.5AI score0.00441EPSS

Exploits1References1

OSV•added 2024/06/11 2:7 p.m.•2 views

CVE-2024-37161 MeterSphere front-end editor stores XSS vulnerability

MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue...

4CVSS4.9AI score0.00441EPSS

Exploits1References3

NVD•added 2024/05/30 5:15 p.m.•9 views

CVE-2024-36118

MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Users of MeterSphere are advised to upgrade. There...

4.3CVSS3.9AI score0.0025EPSS

Exploits0References1

OSV•added 2024/05/30 4:51 p.m.•8 views

CVE-2024-36118 Unauthorized viewing of workspace test cases in MeterSphere

3.5CVSS6.8AI score0.0025EPSS

Exploits0References3

Cvelist•added 2024/05/30 4:51 p.m.•25 views

CVE-2024-36118 Unauthorized viewing of workspace test cases in MeterSphere

3.5CVSS3.9AI score0.0025EPSS

Exploits0References1

Vulnrichment•added 2024/05/30 4:51 p.m.•14 views

CVE-2024-36118 Unauthorized viewing of workspace test cases in MeterSphere

3.5CVSS6.8AI score0.0025EPSS

Exploits0References1

CVE•added 2024/05/30 4:51 p.m.•68 views

CVE-2024-36118

MeterSphere (test management/interface testing tool) contains an information-disclosure flaw where users lacking workspace permissions could view functional test cases from other workspaces. The issue is remedied in version 2.10.15-lts; upgrade recommended. No exploit details are provided in the ...

4.3CVSS3.9AI score0.0025EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2024/05/30 12:0 a.m.•3 views

PT-2024-26904 · Unknown · Metersphere

Name of the Vulnerable Software and Affected Versions: MeterSphere versions prior to 2.10.15-lts Description: The issue allows users without workspace permissions to view functional test cases of other workspaces beyond their authority. Recommendations: For versions prior to 2.10.15-lts, upgrade ...

4.3CVSS7.1AI score0.0025EPSS

Exploits0References3

CNNVD•added 2024/05/30 12:0 a.m.•1 views

MeterSphere 安全漏洞

MeterSphere is MeterSphere's open source one-stop open source continuous testing platform. A security vulnerability exists in versions prior to MeterSphere 2.10.15-lts that stems from allowing users without workspace privileges to view functional test cases in other workspaces that exceed their...

4.3CVSS6.7AI score0.0025EPSS

Exploits0References2

NVD•added 2024/04/25 5:15 p.m.•14 views

CVE-2024-32467

MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue...

6.5CVSS5.4AI score0.0007EPSS

Exploits1References1

CVE•added 2024/04/25 4:56 p.m.•54 views

CVE-2024-32467

MeterSphere (open source continuous testing platform) is affected in versions prior to 2.10.14-lts. The issue allows members without space permissions to view member information from other workspaces beyond their authority. The root cause is insufficient access control that permits cross-workspac...

6.5CVSS6.4AI score0.0007EPSS

Exploits1References1Affected Software1

Cvelist•added 2024/04/25 4:56 p.m.•15 views

CVE-2024-32467 Meteraphsere vulnerable to unauthorized viewing by workspace members

5.7CVSS5.7AI score0.0007EPSS

Exploits1References1

Vulnrichment•added 2024/04/25 4:56 p.m.•11 views

CVE-2024-32467 Meteraphsere vulnerable to unauthorized viewing by workspace members

5.7CVSS6.5AI score0.0007EPSS

Exploits1References1

CNNVD•added 2024/04/25 12:0 a.m.•1 views

MeterSphere 安全漏洞

MeterSphere is MeterSphere's open source one-stop open source continuous testing platform. A security vulnerability exists in versions prior to MeterSphere 2.10.14-lts, which stems from an unauthorized member being able to overstep their rights to view member information in other workspaces...

6.5CVSS6.5AI score0.0007EPSS

Exploits1References2

NVD•added 2023/12/28 4:16 p.m.•10 views

CVE-2023-50267

MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, the authenticated attackers can update resources which don't belong to him if the resource ID is known. This issue if fixed in 2.10.10-lts. There are no known workarounds...

4.3CVSS0.00136EPSS

Exploits0References1