Lucene search
K

196 matches found

vulnrichment
vulnrichment
added 2024/06/10 12:0 a.m.16 views

CVE-2022-45176

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting XSS can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application through its vShare functionality section doesn't properly check parameters, sent in HTTP requests as...

5.3AI score0.00314EPSS
Exploits1References1
cve
cve
added 2024/06/10 12:0 a.m.80 views

CVE-2022-45168

LIVEBOX Collaboration vDesk (v018 and prior) is affected by CVE-2022-45168. The issue allows bypassing two-factor authentication by generating or regenerating backup codes at the endpoints /login/backup_code and /api/v1/vdeskintegration/createbackupcodes before the TOTP check is performed. Root c...

6.5CVSS6.9AI score0.00496EPSS
Exploits1References1Affected Software1
cve
cve
added 2024/06/10 12:0 a.m.88 views

CVE-2022-45176

CVE-2022-45176 affects LIVEBOX Collaboration vDesk through v018. The issue is a stored Cross-site Scripting (XSS) vulnerability at the endpoint /api/v1/getbodyfile, triggered by the input parameter uri . The web application does not properly validate parameters before saving them on the server, a...

6.1CVSS6.1AI score0.00314EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2024/06/10 12:0 a.m.7 views

PT-2024-11691 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: An issue in the web application allows Stored Cross-site Scripting XSS to occur under the "/api/v1/getbodyfile" endpoint via the uri parameter. The application does not properly...

6.1CVSS5.7AI score0.00314EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2024/06/10 12:0 a.m.8 views

PT-2024-11688 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v018 Description: An issue allows a Bypass of Two-Factor Authentication under the "/login/backup code" endpoint and the "/api/v1/vdeskintegration/createbackupcodes" endpoint. This occurs because th...

6.5CVSS6.9AI score0.00496EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2024/06/10 12:0 a.m.15 views

CVE-2022-45168

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes...

6.8AI score0.00496EPSS
Exploits1References1
cvelist
cvelist
added 2024/06/10 12:0 a.m.32 views

CVE-2022-45168

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes...

0.00496EPSS
Exploits1References1
osv
osv
added 2024/05/28 8:16 p.m.3 views

CVE-2022-45171

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions...

8.8CVSS5.6AI score0.00752EPSS
Exploits1References1
nvd
nvd
added 2024/05/28 8:16 p.m.17 views

CVE-2022-45171

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions...

8.8CVSS6.4AI score0.00752EPSS
Exploits1References1
cvelist
cvelist
added 2024/05/28 7:23 p.m.30 views

CVE-2022-45171

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions...

6.4AI score0.00752EPSS
Exploits1References1
cnnvd
cnnvd
added 2024/05/28 12:0 a.m.4 views

LIVEBOX Collaboration vDesk 安全漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version 018 and prior versions, which stems from the presence of an unrestricted upload of a dangerous type of file, which allows an authenticated remote user to upload...

8.8CVSS6.8AI score0.00752EPSS
Exploits1References2
nvd
nvd
added 2024/02/21 4:15 p.m.20 views

CVE-2022-45177

An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search=NAME+SURNAME endpoint, and the /login endpoint. The web application provides different...

7.5CVSS7.4AI score0.00539EPSS
Exploits0References1
nvd
nvd
added 2024/02/21 4:15 p.m.24 views

CVE-2022-45169

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...

5.9CVSS5.4AI score0.00265EPSS
Exploits0References1
osv
osv
added 2024/02/21 4:15 p.m.5 views

CVE-2022-45179

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user authenticated to the product can store arbitrary HTML code in the...

5.4CVSS6AI score0.00397EPSS
Exploits0References1
attackerkb
attackerkb
added 2024/02/21 4:15 p.m.3 views

CVE-2022-45177

An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search=NAME+SURNAME endpoint, and the /login endpoint. The web application provides different...

7.5CVSS5.8AI score0.00539EPSS
Exploits0References2
attackerkb
attackerkb
added 2024/02/21 4:15 p.m.4 views

CVE-2022-45179

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user authenticated to the product can store arbitrary HTML code in the...

5.4CVSS6AI score0.00397EPSS
Exploits0References2
attackerkb
attackerkb
added 2024/02/21 4:15 p.m.4 views

CVE-2022-45169

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...

5.9CVSS5.9AI score0.00265EPSS
Exploits0References2
osv
osv
added 2024/02/21 4:15 p.m.5 views

CVE-2022-45169

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...

5.4CVSS5.9AI score0.00265EPSS
Exploits0References1
osv
osv
added 2024/02/21 4:15 p.m.5 views

CVE-2022-45177

An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search=NAME+SURNAME endpoint, and the /login endpoint. The web application provides different...

7.5CVSS5.8AI score0.00539EPSS
Exploits0References1
nvd
nvd
added 2024/02/21 4:15 p.m.30 views

CVE-2022-45179

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user authenticated to the product can store arbitrary HTML code in the...

5.4CVSS5.4AI score0.00397EPSS
Exploits0References1
Rows per page
Query Builder