86 matches found

ATTACKERKB
added 2022/03/23 11:15 p.m. · 4 views

CVE-2022-25267

Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal to upload files...

CVSS 8.8 · AI score 7.2 · EPSS 0.01443
Exploits 0 · References 3

OSV
added 2022/03/23 11:15 p.m. · 5 views

CVE-2022-25268

Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems...

CVSS 8.8 · AI score 5.8 · EPSS 0.00401
Exploits 0 · References 2

ATTACKERKB
added 2022/03/23 11:15 p.m. · 5 views

CVE-2022-25269

Passwork On-Premise Edition before 4.6.13 has multiple XSS issues...

CVSS 6.1 · AI score 6.4 · EPSS 0.00546
Exploits 0 · References 3

NVD
added 2022/03/23 11:15 p.m. · 20 views

CVE-2022-25268

Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems...

CVSS 8.8 · EPSS 0.00401
Exploits 0 · References 2

NVD
added 2022/03/23 11:15 p.m. · 19 views

CVE-2022-25269

Passwork On-Premise Edition before 4.6.13 has multiple XSS issues...

CVSS 6.1 · EPSS 0.00546
Exploits 0 · References 2

NVD
added 2022/03/23 11:15 p.m. · 23 views

CVE-2022-25266

Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal to read files...

CVSS 4.3 · EPSS 0.00915
Exploits 0 · References 2

Prion
added 2022/03/23 11:15 p.m. · 12 views

Directory traversal

Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal to read files...

CVSS 4 · AI score 4.7 · EPSS 0.00915
Exploits 0 · References 2 · Affected Software 1

Prion
added 2022/03/23 11:15 p.m. · 17 views

Directory traversal

Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal to upload files...

CVSS 6.5 · AI score 8.7 · EPSS 0.01443
Exploits 0 · References 2 · Affected Software 1

Prion
added 2022/03/23 11:15 p.m. · 18 views

Cross site scripting

Passwork On-Premise Edition before 4.6.13 has multiple XSS issues...

CVSS 4.3 · AI score 6 · EPSS 0.00546
Exploits 0 · References 2 · Affected Software 1

Prion
added 2022/03/23 11:15 p.m. · 17 views

Cross site request forgery (csrf)

Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems...

CVSS 6.8 · AI score 8.7 · EPSS 0.00401
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2022/03/23 10:6 p.m. · 21 views

CVE-2022-25266

Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal to read files...

AI score 5 · EPSS 0.00915
Exploits 0 · References 2

CVE
added 2022/03/23 10:6 p.m. · 83 views

CVE-2022-25266

Concrete details found: CVE-2022-25266 affects Passwork On-Premise Edition prior to 4.6.13. Root cause is improper restriction of the path name to a restricted directory in the migration/downloadExportFile endpoint, enabling directory traversal to read local files. Impact is reading files on the ...

CVSS 4.3 · AI score 4.6 · EPSS 0.00915
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2022/03/23 10:6 p.m. · 27 views

CVE-2022-25269

Passwork On-Premise Edition before 4.6.13 has multiple XSS issues...

AI score 6.2 · EPSS 0.00546
Exploits 0 · References 2

CVE
added 2022/03/23 10:6 p.m. · 101 views

CVE-2022-25269

The CVE-2022-25269 entry concerns Passwork On-Premise Edition prior to 4.6.13 with multiple cross-site scripting (XSS) issues. Root cause: inadequate input handling/web-page structure protections leading to XSS in the affected web interface. Affected software: Passwork On-Premise Edition (version...

CVSS 6.1 · AI score 6 · EPSS 0.00546
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2022/03/23 10:6 p.m. · 27 views

CVE-2022-25268

Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems...

AI score 8.9 · EPSS 0.00401
Exploits 0 · References 2

CVE
added 2022/03/23 10:6 p.m. · 104 views

CVE-2022-25268

Passwork On-Premise Edition is affected by a CSRF vulnerability in versions prior to 4.6.13. The issue enables cross-site request forgery via the likely exposed subsystems for groups, password, and history. Root cause, as described across sources, is a CSRF flaw in the application’s handling of t...

CVSS 8.8 · AI score 8.7 · EPSS 0.00401
Exploits 0 · References 2 · Affected Software 1

CVE
added 2022/03/23 10:6 p.m. · 93 views

CVE-2022-25267

Passwork On-Premise Edition before 4.6.13 is affected by a Directory Traversal in the migration/uploadExportFile functionality. The root cause is an inadequate restriction of the destination path, enabling an attacker to upload arbitrary files to the system. Impact is onboarding of arbitrary file...

CVSS 8.8 · AI score 8.7 · EPSS 0.01443
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2022/03/23 10:6 p.m. · 19 views

CVE-2022-25267

Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal to upload files...

AI score 8.9 · EPSS 0.01443
Exploits 0 · References 2

Positive Technologies
added 2022/03/23 12:0 a.m. · 4 views

PT-2022-4187 · Unknown +1 · Passwork On-Premise Edition +1

Name of the Vulnerable Software and Affected Versions: Passwork On-Premise Edition versions prior to 4.6.13 Description: The issue is related to multiple XSS problems in the Passwork On-Premise Edition. This is due to the lack of protection measures for the web page structure, allowing a remote...

CVSS 6.4 · AI score 6 · EPSS 0.00546
Exploits 0 · References 6

Positive Technologies
added 2022/03/23 12:0 a.m. · 4 views

PT-2022-4186 · Passwork · Passwork On-Premise Edition +1

Name of the Vulnerable Software and Affected Versions: Passwork On-Premise Edition versions prior to 4.6.13 Description: The issue is related to a CSRF vulnerability in the password manager Passwork. This vulnerability can be exploited by a remote attacker to perform a CSRF attack via the groups,...

CVSS 10 · AI score 8.6 · EPSS 0.00401
Exploits 0 · References 6