IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely...
8.8CVSS
7.9AI Score
0.0004EPSS
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in iris-web is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability.....
6.8CVSS
7.4AI Score
0.0004EPSS
Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to....
4.6CVSS
4.3AI Score
0.0004EPSS
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an...
5.4CVSS
5AI Score
0.0004EPSS
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations . The vulnerability in allows an attacker to inject malicious...
6.3CVSS
5.1AI Score
0.001EPSS
ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the...
5.4CVSS
5.1AI Score
0.001EPSS
This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target...
8.8CVSS
8.6AI Score
0.003EPSS
A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be used to grant himself administrative role or remove the administrative account of the...
8.8CVSS
8.8AI Score
0.001EPSS
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can be used to grant himself the administrative role or remove all administrative accounts of the...
8.8CVSS
8.6AI Score
0.001EPSS
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audit Trail...
6.5CVSS
6.3AI Score
0.001EPSS
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration...
8.8CVSS
8.5AI Score
0.001EPSS
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate...
6.5CVSS
6.3AI Score
0.001EPSS
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access...
6.5CVSS
6.3AI Score
0.001EPSS
IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary...
9.8CVSS
9.6AI Score
0.04EPSS