Lucene search
+L
CertVince

6 matches found

CVE
CVE
added 2022/08/16 10:0 p.m.62 views

CVE-2022-25799

CERT/CC VINCE is affected by an open redirect vulnerability in versions prior to 1.50.0. An attacker can craft a URL that, when an authenticated user clicks it, redirects the user’s browser to a malicious site impersonating a legitimate one, potentially enabling credential exposure. The issue’s r...

6.1CVSS5.9AI score0.00468EPSS
CVE
CVE
added 2024/10/28 3:38 p.m.60 views

CVE-2024-10469

CVE-2024-10469 affects VINCE before 3.0.9. The issue allows exposure of user information to authenticated users due to an access/control flaw in VINCE’s User Management view. Impact is user information disclosure; CVSS vectors in sources indicate medium base severity with confidentiality impact. ...

6.5CVSS6.3AI score0.00184EPSS
CVE
CVE
added 2024/10/14 9:19 p.m.60 views

CVE-2024-9953

CERT VINCE before version 3.0.8 is affected by a DoS vulnerability where an authenticated administrative user can inject an arbitrary pickle object into a user profile. Accessing the profile may trigger a DoS condition, even though Django restricts unpickling to prevent crashes. Reported in multi...

4.9CVSS5AI score0.00424EPSS
CVE
CVE
added 2022/10/10 12:0 a.m.58 views

CVE-2022-40248

CERT/CC VINCE is affected by an HTML injection vulnerability in versions prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via the Product Affected field in a form, potentially impacting data or UI integrity. The vulnerability has been consistently described across multiple sou...

5.4CVSS5.4AI score0.00365EPSS
CVE
CVE
added 2022/10/26 3:15 p.m.55 views

CVE-2022-40238

CVE-2022-40238 describes a Remote Code Injection in CERT software prior to 1.50.5. An authenticated attacker can inject arbitrary pickle objects as part of a user’s profile, leading to code execution on the server when the profile is accessed. Affected component is CERT software’s profile handlin...

8.8CVSS9AI score0.01158EPSS
CVE
CVE
added 2022/10/10 12:0 a.m.54 views

CVE-2022-40257

CVE-2022-40257 affects CERT/CC VINCE software prior to v1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML in the Subject field due to insufficient HTML sanitization. The vulnerability enables HTML injection in VINCE’s handling of email subjects, with CVSS v...

5.4CVSS5.3AI score0.0035EPSS