Lucene search
K
LiveboxcloudVdesk

13 matches found

CVE
CVE
added 2024/02/21 12:0 a.m.698 views

CVE-2022-45179

LIVEBOX Collaboration vDesk (through v031) has a basic XSS vulnerability in the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter, and in /dashboard/reminders. A remote authenticated user can inject arbitrary HTML into the reminder title, potentially corrupting the pag...

5.4CVSS5.4AI score0.00397EPSS
Web
CVE
CVE
added 2024/02/21 12:0 a.m.696 views

CVE-2022-45169

CVE-2022-45169 affects LIVEBOX Collaboration vDesk (through v031). It describes an Open Redirect: an authenticated user can trigger a URL redirection via /api/v1/notification/createnotification to send a push notification to another user that can include an invisible clickable link. Reported metr...

5.9CVSS5.4AI score0.00265EPSS
CVE
CVE
added 2024/02/21 12:0 a.m.692 views

CVE-2022-45177

LIVEBOX Collaboration vDesk (through v031) is affected. A vulnerability described as an Observable Response Discrepancy occurs on /api/v1/vdeskintegration/user/isenableuser, /api/v1/sharedsearch?search={NAME]+{SURNAME], and /login, where the web app reveals internal state information to unauthori...

7.5CVSS7.3AI score0.00539EPSS
Web
CVE
CVE
added 2023/04/14 12:0 a.m.151 views

CVE-2022-45180

CVE-2022-45180 affects LIVEBOX Collaboration vDesk (through v018) with Broken Access Control at the /api/v1/vdesk_{DOMAIN]/export endpoint. A user authenticated to the product without special privileges can export information for all users, a function intended for administrators. Public reference...

6.5CVSS6.2AI score0.00713EPSS
Web
CVE
CVE
added 2023/04/14 12:0 a.m.143 views

CVE-2022-45173

CVE-2022-45173 affects LIVEBOX Collaboration vDesk (vDesk) through v018. The flaw allows bypassing Two-Factor Authentication by tampering with the response at /api/v1/vdeskintegration/challenge, since client-side verification can be bypassed. Impact is high (CVE indicates full confidentiality, in...

9.8CVSS9.3AI score0.01033EPSS
CVE
CVE
added 2023/04/14 12:0 a.m.142 views

CVE-2022-45175

The vulnerability CVE-2022-45175 affects LIVEBOX Collaboration vDesk through v018. The issue is an Insecure Direct Object Reference in the endpoint 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket, allowing an unauthenticated attacker to access cached files in the OnlyOffice backend of other users by gu...

6.5CVSS6.4AI score0.00717EPSS
Web
CVE
CVE
added 2024/06/10 12:0 a.m.88 views

CVE-2022-45176

CVE-2022-45176 affects LIVEBOX Collaboration vDesk through v018. The issue is a stored Cross-site Scripting (XSS) vulnerability at the endpoint /api/v1/getbodyfile, triggered by the input parameter uri . The web application does not properly validate parameters before saving them on the server, a...

6.1CVSS6.1AI score0.00314EPSS
Web
CVE
CVE
added 2024/06/10 12:0 a.m.80 views

CVE-2022-45168

LIVEBOX Collaboration vDesk (v018 and prior) is affected by CVE-2022-45168. The issue allows bypassing two-factor authentication by generating or regenerating backup codes at the endpoints /login/backup_code and /api/v1/vdeskintegration/createbackupcodes before the TOTP check is performed. Root c...

6.5CVSS6.9AI score0.00496EPSS
CVE
CVE
added 2024/05/28 7:23 p.m.65 views

CVE-2022-45171

CVE-2022-45171 affects LIVEBOX Collaboration vDesk (through v018). The issue is an Unrestricted Upload of a File with a Dangerous Type in the vShare web site section, allowing an authenticated remote user to upload potentially dangerous files without restrictions. The cited sources (NVD/Red Hat e...

8.8CVSS7AI score0.00752EPSS
CVE
CVE
added 2023/04/14 12:0 a.m.63 views

CVE-2022-45174

CVE-2022-45174 affects LIVEBOX Collaboration vDesk versions through v018. The issue allows bypassing Two-Factor Authentication for SAML users via /login/backup_code and /api/v1/vdeskintegration/challenge, by supplying a non-validated backup code, due to improper TOTP verification. Documents descr...

9.8CVSS9.4AI score0.01033EPSS
Web
CVE
CVE
added 2023/01/31 12:0 a.m.61 views

CVE-2022-45172

LIVEBOX Collaboration vDesk (pre-v018) is affected by a Broken Access Control issue caused by flaws in authorization logic. The vulnerability enables a malicious user with no privileges to escalate to administrator and access other user accounts via three endpoints: /api/v1/registration/validateE...

9.8CVSS9.5AI score0.01074EPSS
CVE
CVE
added 2023/04/14 12:0 a.m.50 views

CVE-2022-45170

CVE-2022-45170 affects LIVEBOX Collaboration vDesk (pre-v018) via the endpoint /api/v1/vencrypt/decrypt/file. A malicious user, already logged into a victim’s account, can decipher a file without the user’s key, revealing a cryptographic issue impacting confidentiality. The current sources descri...

6.5CVSS6.3AI score0.00444EPSS
CVE
CVE
added 2023/04/14 12:0 a.m.49 views

CVE-2022-45178

The CVE-2022-45178 entry concerns LIVEBOX Collaboration vDesk v018 and earlier, where a Broken Access Control flaw exists in multiple endpoints: /api/v1/vdeskintegration/saml/user/createorupdate, /settings/guest-settings, /settings/samlusers-settings, and /settings/users-settings. A logged-in SAM...

8.8CVSS8.7AI score0.00964EPSS