daloRADIUS is an open source RADIUS web management application. daloRADIUS 1.3 and prior are vulnerable to a combined cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected ...
CVSS: 8.8, AI Score: 8.3, EPSS: 0.001
Missing Authorization in GitHub repository lirantal/daloradius prior to master branch.
CVSS: 7.5, AI Score: 7.5, EPSS: 0.001
Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master.
CVSS: 5.3, AI Score: 5.3, EPSS: 0.001
Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch.
CVSS: 7.2, AI Score: 7, EPSS: 0.001
CVSS: 8.8, AI Score: 7.6, EPSS: 0.001
Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.
CVSS: 6.1, AI Score: 5.7, EPSS: 0.001
Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.
CVSS: 6.1, AI Score: 5.7, EPSS: 0.001