Lucene search
K
RadixiotMango

4 matches found

CVE
CVE
added 2024/10/25 12:0 a.m.98 views

CVE-2024-37847

The CVE-2024-37847 entry documents an arbitrary file upload vulnerability affecting MangoOS before 5.1.4 and Mango API before 4.5.5, enabling arbitrary code execution via a crafted file. Affected components: MangoOS and Mango API (versions prior to listed fixes). Root cause: improper handling of ...

9.8CVSS7.8AI score0.0088EPSS
CVE
CVE
added 2024/10/25 12:0 a.m.55 views

CVE-2024-37846

MangoOS before 5.2.0 is affected by a Client-Side Template Injection (CSTI) vulnerability exposed on the Platform Management Edit page. The issue is tied to the Platform Management Edit page and allows CSTI, with sources indicating that versions prior to 5.2.0 are vulnerable. The connected Red Ha...

9.8CVSS7.6AI score0.00296EPSS
CVE
CVE
added 2024/10/25 12:0 a.m.54 views

CVE-2024-37845

MangoOS is affected by CVE-2024-37845: versions prior to 5.2.0 expose an authenticated remote code execution (RCE) vulnerability through the Active Process Command feature. The issue is confirmed by multiple sources in the connected set (including PT-2024-27779 and Red Hat/NVD records). Impact de...

7.2CVSS8.3AI score0.00749EPSS
CVE
CVE
added 2024/10/25 12:0 a.m.52 views

CVE-2024-37844

MangoOS is affected by a stored XSS vulnerability prior to version 5.2.0. The issue allows an attacker to execute arbitrary web scripts or HTML via a crafted payload, impacting web interfaces. Affected: MangoOS before 5.2.0. Root cause: stored XSS in the web context. Impact: potential data exposu...

5.4CVSS5.6AI score0.00227EPSS