InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request.
CSV Injection exists in InterMind iMind Server through 3.13.65 via the CSV export functionality.
CVSS: 8.8
AI Score: 8.8
EPSS: 0.002
Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat.
CVSS: 7.8
AI Score: 7.1
EPSS: 0.001