Mesbook@* Security Vulnerabilities and Issues — Mesbook@* CVE List

Lucene search

MesbookMesbook*

4 matches found

CVE•added 2024/07/03 12:15 p.m.•77 views

CVE-2024-6426

Information exposure vulnerability in MESbook 20221021.03 version, the exploitation of which could allow a local attacker, with user privileges, to access different resources by changing the API value of the application.

8.1CVSS7.3AI score0.00095EPSS

CVE•added 2024/07/01 1:15 p.m.•63 views

CVE-2024-6424

External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint "/api/Proxy/Post?userName=&password=&uri=<FILE|INTERNAL URL|IP/HOST" or "/api/Proxy/Get?userName=&password=&uri=

9.3CVSS9.2AI score0.00413EPSS

CVE•added 2024/07/01 1:15 p.m.•40 views

CVE-2024-6425

Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters "UserName=&Password=&ConfirmPassword=".

9.1CVSS9.3AI score0.00324EPSS

CVE•added 2024/07/03 12:15 p.m.•36 views

CVE-2024-6427

Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the "message" parameter to inject a payload with dangerous JavaScript code, causing the application to loop requests on itself, which could lead to resource consumption and dis...

7.5CVSS7.5AI score0.00625EPSS