CVE-2024-48907
Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API...
CVE-2024-48907
The CVE-2024-48907 reference concerns Sematell ReplyOne version 7.4.3.0 that is susceptible to Server-Side Request Forgery (SSRF) through the application server API. The available sources describe the vulnerability as enabling the application server to initiate unauthorized external requests, wit...
CVE-2024-48905
Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint...
PT-2025-18713 · Sematell · Sematell Replyone
Name of the Vulnerable Software and Affected Versions: Sematell ReplyOne version 7.4.3.0. Description: The issue allows cross-site scripting (XSS) attacks through a ReplyDesk e-mail attachment name. This means an attacker could potentially inject malicious scripts into the system by manipulating...
CVE-2024-48906
CVE-2024-48906 affects Sematell ReplyOne 7.4.3.0. The vulnerability is an XSS flaw that can be triggered via the name of a ReplyDesk email attachment. The PT-2025-18713 entry provides the concrete vector: attachment-name-based XSS. Remediation in the connected details includes input validation/sa...