CVE-2023-50712
Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attack...
CVE-2024-25640
Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to...
CVE-2023-30615
Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations. The vulnerability in allows an attacker to inject malicious...
CVE-2024-34060 Arbitrary File Write in IRIS EVTX Pipeline
IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through the IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely...
CVE-2024-25624
CVE-2024-25624 affects Iris (iris-web) and is due to improper Jinja2 environment setup causing Server Side Template Injection (SSTI). An authenticated administrator must upload a crafted report template; when a weaponized report is generated, any user can trigger the vulnerability, potentially le...
CVE-2024-25624 iris-web vulnerable to Server Side Template Injection in reports
Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. Due to an improper setup of the Jinja2 environment, report generation in iris-web is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability c...
PT-2024-21044 · Iris · Iris
Name of the Vulnerable Software and Affected Versions: Iris versions prior to 2.4.6 Description: Iris is a web collaborative platform that helps incident responders share technical details during investigations. Due to an improper setup of the Jinja2 environment, reports generation in iris-web is...
Cross site scripting
Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to...
CVE-2024-25640 Improper Neutralization of Alternate XSS Syntax in iris-web
Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to...
PT-2024-21061 · Iris-Web · Iris-Web
Name of the Vulnerable Software and Affected Versions: iris-web versions prior to 2.4.0 Description: A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations. The vulnerability may allow an attacker to inject malicious scripts into the...
PT-2023-31618 · Iris-Web · Iris-Web
Name of the Vulnerable Software and Affected Versions: iris-web versions prior to v2.3.7 Description: A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations. The vulnerability may allow an attacker to inject malicious scripts into the...
Iris Security Breach
Iris is a fast, simple but fully featured and very efficient Go web framework. A security vulnerability exists in iris-web versions prior to v2.3.7, which stems from the presence of a stored cross-site scripting (XSS) vulnerability that could allow an attacker to inject malicious scripts into an...
CVE-2023-30615 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in iris-web
Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations. The vulnerability in allows an attacker to inject malicious...
CVE-2021-23772
A flaw was found in the Iris Web Framework, where the UploadFormFiles method unsafely handles file names during upload. This flaw allows an attacker to write in arbitrary locations outside the designated target folder...