CVE-2019-10412

Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...

CVE-2025-1419

Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...

CVE-2025-1420

Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...

CVE-2025-1417

In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM Mobile Device Management. This information include user ids, email addresses, first names, last names and device UUIDs. The last one can be used for exploitation of...

CVE-2025-1418

A low-privileged user can access information about profiles created in Proget MDM Mobile Device Management, which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive information including their usage in connected devices. This issue has been fixed...

CVE-2025-1416

In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM Mobile Device Management. For it to happen, they must know the UUIDs of targetted devices, which might be obtained by exploiting CVE-2025-1415 or CVE-2025-141...

CVE-2025-1421 Formula injection in a CSV file in Proget MDM

Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC...

CVE-2025-1421

The CVE-2025-1421 issue affects Konsola Proget (server part of the MDM suite). Data submitted during device activation is stored in a database, enabling high-privileged users to export it as CSV and, by opening it in Excel, potentially corrupt the user’s PC. The attacker could gain remote access ...

CVE-2025-1421 Formula injection in a CSV file in Proget MDM

Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC...

CVE-2025-1420 XSS in Proget MDM

Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...

CVE-2025-1420

CVE-2025-1420 affects Konsola Proget (server component of the MDM suite). The issue arises from unsanitized input in the activationMessage field, enabling a Stored Cross-Site Scripting attack by a high-privileged user. Estimated CVSS v4 base score 2.4 (LOW); attack vector Adjacent, privileges req...

CVE-2025-1420 XSS in Proget MDM

Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...

CVE-2025-1419 XSS in Proget MDM

Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...

CVE-2025-1419

Konsola Proget (server part of the MDM suite) is affected by CVE-2025-1419 due to input in the comment section not being sanitized, enabling stored XSS when a high-privileged user interacts with the affected input. Root cause: inadequate sanitization of user-supplied comments leading to script ex...

CVE-2025-1419 XSS in Proget MDM

Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...

CVE-2025-1418 Information disclosure in Proget MDM

A low-privileged user can access information about profiles created in Proget MDM Mobile Device Management, which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive information including their usage in connected devices. This issue has been fixed...

CVE-2025-1418 Information disclosure in Proget MDM

A low-privileged user can access information about profiles created in Proget MDM Mobile Device Management, which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive information including their usage in connected devices. This issue has been fixed...

CVE-2025-1418

CVE-2025-1418 affects the Proget MDM server (Konsola Proget). A low-privileged user could read information about profiles (which describe allowed/prohibited functions). The issue does not expose sensitive data about devices in the initial description, but it leaks profile metadata. The entry is f...

CVE-2025-1417

CVE-2025-1417 affects Proget MDM using the Konsola Proget server component. A low-privileged user can access change-logs for backups of all managed devices, exposing user IDs, email addresses, first and last names, and device UUIDs (the UUID could enable CVE-2025-1416). Exploitation requires the ...

CVE-2025-1417 Information disclosure in Proget MDM

In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM Mobile Device Management. This information include user ids, email addresses, first names, last names and device UUIDs. The last one can be used for exploitation of...