CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

OSV•added 2022/03/12 12:0 a.m.•13 views

GHSA-GJH6-WVHQ-H4QX Cross-site Scripting in FreeTAKServer-UI

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...

5.4CVSS5.2AI score0.00191EPSS

Exploits1References3

NVD•added 2022/03/11 12:15 a.m.•12 views

CVE-2022-25512

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...

7.5CVSS0.00265EPSS

Exploits1References1

OSV•added 2022/03/11 12:15 a.m.•14 views

CVE-2022-25507

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...

5.4CVSS5.8AI score

Exploits0References1

NVD•added 2022/03/11 12:15 a.m.•8 views

CVE-2022-25507

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...

5.4CVSS0.00191EPSS

Exploits1References1

Prion•added 2022/03/11 12:15 a.m.•7 views

Design/Logic Flaw

An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service DoS via an unusually large amount of created routes, or create unsafe or false routes for legitimate users...

5CVSS7.5AI score0.01847EPSS

Exploits1References1Affected Software1

Prion•added 2022/03/11 12:15 a.m.•6 views

Sql injection

FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...

4CVSS6.6AI score0.00238EPSS

Exploits1References1Affected Software1

Cvelist•added 2022/03/10 11:35 p.m.•9 views

CVE-2022-25507

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...

5.5AI score0.00191EPSS

Exploits1References1

CNVD•added 2021/12/23 12:0 a.m.•11 views

Rockoa Cross-Site Request Forgery Vulnerability

RockOA Letter Call is an open source office OA system. v1.9.8 of Rockoa has a security vulnerability that can be exploited by attackers to arbitrarily add administrator accounts...

8CVSS4.5AI score0.00151EPSS

Exploits1References1

NVD•added 2021/12/22 11:15 p.m.•8 views

CVE-2020-20593

A cross-site request forgery CSRF in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account...

8CVSS0.00151EPSS

Exploits1References2

CVE•added 2021/12/22 10:35 p.m.•40 views

CVE-2020-20593

Rockoa v1.9.8 is affected by a cross-site request forgery (CSRF) allowing an authenticated attacker to arbitrarily add an administrator account. This CVE-2020-20593 entry is supported by NVD metrics (CVSS v2 base 6.0; CVSS v3.1 base 8.0) and multiple references in connected records; exploitation ...

8CVSS7.7AI score0.00151EPSS

Exploits1References2Affected Software1

Cvelist•added 2021/12/22 10:35 p.m.•13 views

CVE-2020-20593

A cross-site request forgery CSRF in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account...

7.8AI score0.00151EPSS

Exploits1References2

NVD•added 2021/01/26 6:15 p.m.•10 views

CVE-2020-21147

RockOA V1.9.8 is affected by a cross-site scripting XSS vulnerability which allows remote attackers to send malicious code to the administrator and execute JavaScript code, because webmain/flow/input/modeemailmAction.php does not perform strict filtering...

4.8CVSS5AI score0.00218EPSS

Exploits1References2

Prion•added 2021/01/26 6:15 p.m.•8 views

Cross site scripting

3.5CVSS5.1AI score0.00218EPSS

Exploits1References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by