5 matches found
CVE-2024-25624
CVE-2024-25624 affects Iris (iris-web) and is due to improper Jinja2 environment setup causing Server Side Template Injection (SSTI). An authenticated administrator must upload a crafted report template; when a weaponized report is generated, any user can trigger the vulnerability, potentially le...
CVE-2024-25640
CVE-2024-25640 affects iris-web prior to version 2.4.0, where a stored XSS flaw exists at multiple locations. The underlying issue allows an authenticated attacker to inject scripts that execute when a user visits affected pages. Impact is consistent with XSS exposure leading to potential data ac...
CVE-2023-30615
CVE-2023-30615 (iris-web) is a stored XSS vulnerability affecting iris-web before version 2.2.1. The issue allows an authenticated attacker to inject malicious scripts that run when users visit affected locations, with potential for unauthorized access and data theft. The patch is available in ir...
CVE-2023-50712
Summary (CVE-2023-50712): Iris-web prior to v2.3.7 contains a stored XSS vulnerability across multiple locations. An attacker must be authenticated to exploit, and injected scripts could execute when a user visits affected areas, potentially enabling unauthorized access or data theft. The issue i...
CVE-2026-22783
CVE-2026-22783 affects the Iris DFIR-IRIS datastore file management system prior to version 2.4.24 . A vulnerability arises from mass assignment of the field file_local_name combined with trusting the path in the delete operation, enabling authenticated users to delete arbitrary filesystem paths....