Lucene search
+L

196 matches found

OSV
OSV
added 2024/02/21 4:15 p.m.5 views

CVE-2022-45179

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user authenticated to the product can store arbitrary HTML code in the...

5.4CVSS6AI score0.00397EPSS
Exploits0References1
Prion
Prion
added 2024/02/21 4:15 p.m.25 views

Cross site scripting

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user authenticated to the product can store arbitrary HTML code in the...

6.5AI score0.00397EPSS
Exploits0References1
Prion
Prion
added 2024/02/21 4:15 p.m.21 views

Design/Logic Flaw

An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search=NAME+SURNAME endpoint, and the /login endpoint. The web application provides different...

6.8AI score0.00539EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/21 12:0 a.m.8 views

LIVEBOX Collaboration vDesk Cross-Site Scripting Vulnerability

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A cross-site scripting vulnerability exists in LIVEBOX Collaboration vDesk v031 and earlier versions, which stems from a cross-site scripting vulnerability in the title and /dashboard/reminders parameters of the...

5.4CVSS6.1AI score0.00397EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/21 12:0 a.m.26 views

CVE-2022-45169

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...

5.7AI score0.00265EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/21 12:0 a.m.35 views

CVE-2022-45179

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user authenticated to the product can store arbitrary HTML code in the...

6.3AI score0.00397EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/21 12:0 a.m.6 views

LIVEBOX Collaboration vDesk Security Vulnerability

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk v031 and prior versions, which stems from a redirection via the /api/v1/notification/createnotification endpoint that allows an authenticated user to send arbitrary push...

5.9CVSS6.8AI score0.00265EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/21 12:0 a.m.16 views

CVE-2022-45177

An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search=NAME+SURNAME endpoint, and the /login endpoint. The web application provides different...

6.6AI score0.00539EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/21 12:0 a.m.6 views

LIVEBOX Collaboration vDesk Security Vulnerability

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk v031 and later versions, which originates in the /api/v1/vdeskintegration/user/isenableuser, /login endpoints that provide different responses to incoming requests,...

7.5CVSS6.6AI score0.00539EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/21 12:0 a.m.7 views

PT-2024-11693 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v031 Description: A basic XSS issue exists under the "/api/v1/vdeskintegration/todo/createorupdate" endpoint via the title parameter and "/dashboard/reminders". A remote user, authenticated to the...

5.4CVSS6AI score0.00397EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/02/21 12:0 a.m.6 views

PT-2024-11692 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v031 Description: An issue was discovered in LIVEBOX Collaboration vDesk, where an Observable Response Discrepancy can occur under the "/api/v1/vdeskintegration/user/isenableuser" endpoint, the...

7.5CVSS6.6AI score0.00539EPSS
Exploits0References6
CVE
CVE
added 2024/02/21 12:0 a.m.699 views

CVE-2022-45179

LIVEBOX Collaboration vDesk (through v031) has a basic XSS vulnerability in the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter, and in /dashboard/reminders. A remote authenticated user can inject arbitrary HTML into the reminder title, potentially corrupting the pag...

5.4CVSS5.4AI score0.00397EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/21 12:0 a.m.698 views

CVE-2022-45169

CVE-2022-45169 affects LIVEBOX Collaboration vDesk (through v031). It describes an Open Redirect: an authenticated user can trigger a URL redirection via /api/v1/notification/createnotification to send a push notification to another user that can include an invisible clickable link. Reported metr...

5.9CVSS5.4AI score0.00265EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/21 12:0 a.m.694 views

CVE-2022-45177

LIVEBOX Collaboration vDesk (through v031) is affected. A vulnerability described as an Observable Response Discrepancy occurs on /api/v1/vdeskintegration/user/isenableuser, /api/v1/sharedsearch?search={NAME]+{SURNAME], and /login, where the web app reveals internal state information to unauthori...

7.5CVSS7.3AI score0.00539EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/04/14 2:15 p.m.7 views

CVE-2022-45174

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by...

9.8CVSS5.8AI score0.01033EPSS
Exploits1References1
OSV
OSV
added 2023/04/14 2:15 p.m.4 views

CVE-2022-45178

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A...

8.8CVSS5.8AI score0.00964EPSS
Exploits1References1
NVD
NVD
added 2023/04/14 2:15 p.m.35 views

CVE-2022-45174

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by...

9.8CVSS9.6AI score0.01033EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2023/04/14 2:15 p.m.46 views

CVE-2022-45175

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/ID-FILE/c/N/C/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a...

6.5CVSS6.7AI score0.00717EPSS
Exploits1References1
NVD
NVD
added 2023/04/14 2:15 p.m.13 views

CVE-2022-45180

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskDOMAIN/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system a...

6.5CVSS6.3AI score0.00713EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2023/04/14 2:15 p.m.39 views

CVE-2022-45178

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A...

8.8CVSS8.9AI score0.00964EPSS
Exploits1References1
Rows per page
Query Builder