3 matches found
CVE-2024-48905
CVE-2024-48905 affects Sematell ReplyOne 7.4.3.0 with insecure permissions on the /rest/sessions endpoint, enabling potential unauthorized access. Root cause: insufficient access controls. CVSS v3.1 base score 9.1 (CRITICAL) affecting confidentiality and integrity. Exploitation details are not pr...
CVE-2024-48906
CVE-2024-48906 affects Sematell ReplyOne 7.4.3.0. The vulnerability is an XSS flaw that can be triggered via the name of a ReplyDesk email attachment. The PT-2015-18713 entry provides the concrete vector: attachment-name-based XSS. Remediation in the connected details includes input validation/sa...
CVE-2024-48907
CVE-2024-48907 concerns Sematell ReplyOne version 7.4.3.0, which is susceptible to Server-Side Request Forgery (SSRF) through the application server API. The available sources describe the vulnerability as enabling the application server to initiate unauthorized external requests, wit...