3 matches found
CVE-2024-48743
CVE-2024-48743 affects Sentry v6.0.9, where a Cross-Site Scripting flaw in the z parameter can allow a remote attacker to execute arbitrary code. The issue is confirmed across multiple sources (NVD/Red Hat/CVE listings) with the remote-network attack vector and low complexity, but exploitation st...
CVE-2020-8887
The CVE-2020-8887 entry concerns Telestream Tektronix Medius (and Sentry) before version 10.7.5, affected by an SQL injection in the login flow. Specifically, an unauthenticated attacker can dump database contents by manipulating the page parameter in a login request to index.php. The root cause ...
CVE-2024-10276
Telestream Sentry 6.0.9 contains a cross-site scripting (XSS) vulnerability in the Reports Page component, specifically via the /?page=reports endpoint where manipulating the z argument can be exploited remotely. Several connected sources confirm the vulnerability in Telestream Sentry 6.0.9, with...