3 matches found
CVE-2024-31842
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded ...
CVE-2024-31844
An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate an error. Inside a...
CVE-2024-31840
The CVE-2024-31840 entry concerns Italtel Embrace 1.6.4. The vulnerability is that the web application inserts cleartext email account passwords into the HTML source. An authenticated user can access the edit function for the email server configuration, and the edit form is pre-filled with the cu...