Dfir-iris Iris

5 matches found

CVE
added 2024/04/25 4:30 p.m., 66 views

CVE-2024-25624

CVE-2024-25624 affects Iris (iris-web) and is due to improper Jinja2 environment setup causing Server Side Template Injection (SSTI). An authenticated administrator must upload a crafted report template; when a weaponized report is generated, any user can trigger the vulnerability, potentially le...

CVSS 6.8 | AI score 7.4 | EPSS 0.00852

CVE
added 2024/02/19 7:56 p.m., 57 views

CVE-2024-25640

CVE-2024-25640 affects iris-web prior to version 2.4.0, where a stored XSS flaw exists at multiple locations. The underlying issue allows an authenticated attacker to inject scripts that execute when a user visits affected pages. Impact is consistent with XSS exposure leading to potential data ac...

CVSS 5.4 | AI score 4.3 | EPSS 0.00337

CVE
added 2023/05/25 5:39 p.m., 46 views

CVE-2023-30615

CVE-2023-30615 (iris-web) is a stored XSS vulnerability affecting iris-web before version 2.2.1. The issue allows an authenticated attacker to inject malicious scripts that run when users visit affected locations, with potential for unauthorized access and data theft. The patch is available in ir...

CVSS 6.3 | AI score 5.4 | EPSS 0.00382

CVE
added 2023/12/22 7:19 p.m., 38 views

CVE-2023-50712

Summary (CVE-2023-50712): Iris-web prior to v2.3.7 contains a stored XSS vulnerability across multiple locations. An attacker must be authenticated to exploit, and injected scripts could execute when a user visits affected areas, potentially enabling unauthorized access or data theft. The issue i...

CVSS 5.4 | AI score 4.6 | EPSS 0.00298

CVE
added 2026/01/12 6:27 p.m., 13 views

CVE-2026-22783

CVE-2026-22783 affects the Iris DFIR-IRIS datastore file management system prior to version 2.4.24. A vulnerability arises from mass assignment of the field file_local_name combined with trusting the path in the delete operation, enabling authenticated users to delete arbitrary filesystem paths....

CVSS 9.6 | AI score 6.6 | EPSS 0.00298