Lucene search
+L

27 matches found

cve
cve
added 2025/05/01 12:0 a.m.73 views

CVE-2024-48905

CVE-2024-48905 affects Sematell ReplyOne 7.4.3.0 with insecure permissions on the /rest/sessions endpoint, enabling potential unauthorized access. Root cause: insufficient access controls. CVSS v3.1 base score 9.1 (CRITICAL) affecting confidentiality and integrity. Exploitation details are not pr...

9.1CVSS7AI score0.00359EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2025/05/01 12:0 a.m.4 views

PT-2025-18714 · Sematell · Sematell Replyone

Name of the Vulnerable Software and Affected Versions: Sematell ReplyOne version 7.4.3.0 Description: The issue allows Server-Side Request Forgery SSRF through the application server API. This means an attacker could potentially manipulate the server into making unauthorized requests...

7.5CVSS6.5AI score0.00359EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2025/05/01 12:0 a.m.8 views

CVE-2024-48905

Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint...

7AI score0.00359EPSS
Exploits1References1
cve
cve
added 2025/05/01 12:0 a.m.59 views

CVE-2024-48906

CVE-2024-48906 affects Sematell ReplyOne 7.4.3.0. The vulnerability is an XSS flaw that can be triggered via the name of a ReplyDesk email attachment. The PT-2015-18713 entry provides the concrete vector: attachment-name-based XSS. Remediation in the connected details includes input validation/sa...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2025/05/01 12:0 a.m.7 views

PT-2025-18713 · Sematell · Sematell Replyone

Name of the Vulnerable Software and Affected Versions: Sematell ReplyOne version 7.4.3.0 Description: The issue allows for cross-site scripting XSS attacks through a ReplyDesk e-mail attachment name. This means an attacker could potentially inject malicious scripts into the system by manipulating...

6.1CVSS5.4AI score0.00228EPSS
Exploits1References5
cnnvd
cnnvd
added 2025/05/01 12:0 a.m.5 views

Sematell ReplyOne 安全漏洞

Sematell ReplyOne is an artificial intelligence-based reply management software from Sematell. A security vulnerability exists in Sematell ReplyOne version 7.4.3.0 that stems from the presence of a server-side request forgery that could result in sending unauthorized requests...

7.5CVSS6.7AI score0.00359EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2025/05/01 12:0 a.m.9 views

PT-2025-18712 · Sematell · Sematell Replyone

Name of the Vulnerable Software and Affected Versions: Sematell ReplyOne version 7.4.3.0 Description: The issue concerns insecure permissions for the "/rest/sessions" endpoint. This could potentially allow unauthorized access or actions. Recommendations: For Sematell ReplyOne version 7.4.3.0,...

9.1CVSS6.5AI score0.00359EPSS
Exploits1References5
Rows per page
Query Builder