Iris Security Vulnerabilities

CVE-2024-34060

IrisEVTXModule is an interface module for Evtx2Splunk and Iris, used to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through the IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely...

CVSS 8.8 | AI Score 7.9 | EPSS 0.0004 | 2024-05-23 12:15 PM

CVE-2024-25624

Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. Due to an improper setup of the Jinja2 environment, report generation in iris-web is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability...

CVSS 6.8 | AI Score 7.4 | EPSS 0.0004 | 2024-04-25 05:15 PM

CVE-2024-25640

Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to...

CVSS 4.6 | AI Score 4.3 | EPSS 0.0004 | 2024-02-19 08:15 PM

CVE-2023-50712

Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an...

CVSS 5.4 | AI Score 5 | EPSS 0.0004 | 2023-12-22 08:15 PM

CVE-2023-30615

Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations. The vulnerability in allows an attacker to inject malicious...

CVSS 6.3 | AI Score 5.1 | EPSS 0.001 | 2023-05-25 06:15 PM

CVE-2022-37028

ISAMS 22.2.3.2 is prone to a stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the...

CVSS 5.4 | AI Score 5.1 | EPSS 0.001 | 2022-09-27 11:15 PM

CVE-2021-23772

This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using the UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target...

CVSS 8.8 | AI Score 8.6 | EPSS 0.003 | 2021-12-24 12:15 PM

CVE-2020-28403

A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be used to grant himself the administrative role or remove the administrative account of the...

CVSS 8.8 | AI Score 8.8 | EPSS 0.001 | 2021-01-29 07:15 AM

CVE-2020-28405

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can be used to grant himself the administrative role or remove all administrative accounts of the...

CVSS 8.8 | AI Score 8.6 | EPSS 0.001 | 2021-01-29 07:15 AM

CVE-2020-28406

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audit Trail...

CVSS 6.5 | AI Score 6.3 | EPSS 0.001 | 2021-01-29 07:15 AM

CVE-2020-28402

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration...

CVSS 8.8 | AI Score 8.5 | EPSS 0.001 | 2021-01-29 07:15 AM

CVE-2020-28404

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate...

CVSS 6.5 | AI Score 6.3 | EPSS 0.001 | 2021-01-29 07:15 AM

CVE-2020-28401

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access...

CVSS 6.5 | AI Score 6.3 | EPSS 0.001 | 2021-01-29 07:15 AM

CVE-2013-1744

IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary...

CVSS 9.8 | AI Score 9.6 | EPSS 0.04 | 2020-01-25 07:15 PM