Terminalfour Security Vulnerabilities and Issues — Terminalfour CVE List

Lucene search

TerminalfourTerminalfour

5 matches found

CVE•added 2024/02/21 4:15 p.m.•6608 views

CVE-2024-22220

An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Unauthenticated Stored Cross-Site Scripting can occur, with resultant Admin Session Hijacking. The attack vectors are Form Builder and Form Preview.

6.3CVSS6AI score0.00276EPSS

CVE•added 2023/04/12 2:15 p.m.•212 views

CVE-2023-23591

The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. The fixed versions are 8.2.18.7, 8.2.18.2.2, 8.3.11.1, and 8.3.14.1.

4.9CVSS4.8AI score0.00064EPSS

CVE•added 2022/05/16 3:15 a.m.•81 views

CVE-2022-30770

Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and r 8.2.x versions prior to version 8.2.18.5 or 8.2.18.2.1 are vulnerable to (XSS) vulnerability that could be exploited by an attacker to mislead an administrator and steal their credentials.

6.1CVSS6AI score0.00525EPSS

CVE•added 2024/08/15 6:15 p.m.•52 views

CVE-2024-22217

A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs on.

6.5CVSS6.1AI score0.00118EPSS

CVE•added 2023/10/16 8:15 p.m.•28 views

CVE-2023-29484

In Terminalfour before 8.3.16, misconfigured LDAP users are able to login with an invalid password.

6.5CVSS6.4AI score0.00102EPSS