CVE-2018-19555

tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password...

Default credentials

tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password...

CVE-2018-19555

tp4a TELEPORT 3.1.0 is affected by a CSRF vulnerability that allows an attacker to use the user/do-reset-password endpoint to change any password, including the administrator password. This is documented across multiple sources (NVD/NVD-derived refs, OSV, CVE lists) as a CSRF flaw that enables un...

TELEPORT Cross-Site Scripting Vulnerability

tp4a TELEPORT is a bastion system. The system supports hopping and management of RDP and SSH protocols. A cross-site scripting vulnerability exists in tp4a TELEPORT version 3.1.0, which stems from the program failing to properly handle specially crafted usernames. A remote attacker can exploit th...

Cross site scripting

tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log...

CVE-2018-19301

CVE-2018-19301 affects tp4a TELEPORT 3.1.0 and is an XSS vulnerability: a crafted username mishandled on the login page can be reflected when an administrator later views the system log. Multiple sources (NVD entry, CNVD/CVEs) describe the issue as a cross-site scripting flaw in the login flow, t...