Lucene search
+L
Freetakserver-ui ProjectFreetakserver-ui

6 matches found

CVE
CVE
added 2022/03/10 11:35 p.m.132 views

CVE-2022-25512

CVE-2022-25512 affects FreeTAKServer-UI v1.9.8. The root cause described in connected documents is that the WebUI leaks sensitive tokens (API and Websocket) in the JavaScript source, enabling information disclosure. The CVSS data from NVD indicates a high confidentiality impact (C:H) with network...

7.5CVSS7.4AI score0.01073EPSS
CVE
CVE
added 2022/03/10 11:35 p.m.126 views

CVE-2022-25511

FreeTAKServer-UI v1.9.8 contains a path traversal vulnerability in the ?filename= parameter of the /DataPackageTable route that can allow attackers to place arbitrary files on the system. This is documented across multiple sources (CVE-2022-25511 and related advisories). The exact root cause is n...

6.5CVSS6.3AI score0.00719EPSS
CVE
CVE
added 2022/03/10 11:35 p.m.124 views

CVE-2022-25510

The CVE-2022-25510 issue affects FreeTAKServer 1.9.8, where a hardcoded Flask secret key enables attackers to craft cookies to bypass authentication or escalate privileges. Root cause: the Flask secret key is stored in code/config instead of being externally supplied, compromising session integri...

8.8CVSS8.8AI score0.01035EPSS
CVE
CVE
added 2022/03/10 11:35 p.m.123 views

CVE-2022-25507

CVE-2022-25507 affects FreeTAKServer-UI (v1.9.8) with a stored XSS vulnerability exploitable via the Callsign parameter. The connected sources confirm the vulnerability but do not provide exploitation details, affected versions beyond v1.9.8, or a published patch/mitigation. No root-cause or impa...

5.4CVSS5.2AI score0.00479EPSS
CVE
CVE
added 2022/03/10 11:35 p.m.117 views

CVE-2022-25506

CVE-2022-25506 concerns FreeTAKServer-UI v1.9.8 with a reported SQL injection vulnerability in the API endpoint /AuthenticateUser . Multiple connected sources confirm the flaw stems from improper neutralization of SQL commands against the SQLite3 database, enabling an attacker to access sensitive...

6.5CVSS6.6AI score0.00855EPSS
CVE
CVE
added 2022/03/10 11:35 p.m.115 views

CVE-2022-25508

FreeTAKServer v1.9.8 has an access control vulnerability in the /ManageRoute/postRoute endpoint that allows unauthenticated users to cause a DoS by creating an unusually large number of routes (or unsafe/false routes). The issue is documented across multiple sources (NVD, OSV, CNVD, GHSA/GitHub a...

7.5CVSS7.4AI score0.01019EPSS