4 matches found
CVE-2021-31584
CVE-2021-31584 affects Sipwise C5 NGCP CSC; CSRF allows performing actions with administrative privileges via the www_csc interface for versions up to CE mr3.8.13 (3.6.4). Documented impacts include cross-site requests made by authenticated users to admin endpoints; exploit information exists (CS...
CVE-2021-31583
Affected software: Sipwise C5 NGCP WWW Admin (NGCP CE 3.0 era; also NGCP www_admin 3.6.7). Description and connected sources document multiple authenticated stored and reflected XSS vulnerabilities arising when input to several scripts/parameters is not properly sanitized. Confirmed vulnerable lo...
CVE-2024-28344
CVE-2024-28344: Open Redirect vulnerability in Sipwise C5 NGCP Dashboard before mr11.5.1. The issue allows an attacker to manipulate the back parameter via a double-encoded URL. Impact is low in CVSS terms per provided metrics, and exploitation would require user interaction. Remediation: update ...
CVE-2024-28345
Sipwise C5 NGCP Dashboard (versions prior to mr11.5.1) is affected by CVE-2024-28345, where a low-privileged user can access the Journal endpoint by directly visiting its URL. The vulnerability reference across sources indicates insufficient access control/endpoint exposure that allows direct URL...