Lucene search
K
SipwiseNext Generation Communication Platform

4 matches found

CVE
CVE
added 2021/04/23 8:53 p.m.61 views

CVE-2021-31584

CVE-2021-31584 affects Sipwise C5 NGCP CSC; CSRF allows performing actions with administrative privileges via the www_csc interface for versions up to CE mr3.8.13 (3.6.4). Documented impacts include cross-site requests made by authenticated users to admin endpoints; exploit information exists (CS...

8.8CVSS8.7AI score0.00926EPSS
CVE
CVE
added 2021/04/23 8:52 p.m.57 views

CVE-2021-31583

Affected software: Sipwise C5 NGCP WWW Admin (NGCP CE 3.0 era; also NGCP www_admin 3.6.7). Description and connected sources document multiple authenticated stored and reflected XSS vulnerabilities arising when input to several scripts/parameters is not properly sanitized. Confirmed vulnerable lo...

5.4CVSS5.3AI score0.01123EPSS
CVE
CVE
added 2024/04/10 12:0 a.m.54 views

CVE-2024-28344

CVE-2024-28344: Open Redirect vulnerability in Sipwise C5 NGCP Dashboard before mr11.5.1. The issue allows an attacker to manipulate the back parameter via a double-encoded URL. Impact is low in CVSS terms per provided metrics, and exploitation would require user interaction. Remediation: update ...

3.1CVSS6.7AI score0.00463EPSS
CVE
CVE
added 2024/04/10 12:0 a.m.47 views

CVE-2024-28345

Sipwise C5 NGCP Dashboard (versions prior to mr11.5.1) is affected by CVE-2024-28345, where a low-privileged user can access the Journal endpoint by directly visiting its URL. The vulnerability reference across sources indicates insufficient access control/endpoint exposure that allows direct URL...

5.5CVSS6.6AI score0.0042EPSS