Lucene search
K

9 matches found

CVE
CVE
added 2022/12/27 12:0 a.m.90 views

CVE-2022-46764

CVE-2022-46764 affects TrueConf Server 5.2.0.10225. The web API is vulnerable to SQL injection that allows remote unauthenticated execution of arbitrary SQL commands, leading to remote code execution. The issue is fixed in version 5.2.6. Connected sources confirm the affected product/version and ...

9.8CVSS7.7AI score0.02067EPSS
CVE
CVE
added 2022/12/27 12:0 a.m.87 views

CVE-2022-46763

The CVE-2022-46763 issue affects TrueConf Server 5.2.0.10225, where a SQL injection in a database stored function allows a low-privileged database user to execute arbitrary SQL as the database administrator, potentially enabling arbitrary code execution. The root cause is a vulnerability in the d...

8.8CVSS8.7AI score0.01056EPSS
CVE
CVE
added 2022/06/29 4:15 p.m.68 views

CVE-2017-20113

TrueConf Server 4.3.7 is affected by a stored cross-site scripting vulnerability due to inadequate sanitization in multiple inputs (e.g., redirect_url and other parameters) in the web interface. The issue potentially allows remote attackers to execute arbitrary HTML/JS in a user’s browser session...

5.4CVSS4.5AI score0.00577EPSS
CVE
CVE
added 2022/06/29 4:15 p.m.58 views

CVE-2017-20119

TrueConf Server 4.3.7 is affected by an open-redirect vulnerability in the /admin/general/change-lang endpoint. The issue arises from improper handling of the redirect_url parameter, allowing remote attackers to redirect users to an arbitrary URL. Exploitation has been publicly disclosed (e.g., e...

6.1CVSS5.1AI score0.00674EPSS
Web
CVE
CVE
added 2022/06/29 4:15 p.m.57 views

CVE-2017-20115

CVE-2017-20115 affects TrueConf Server 4.3.7. The issue is a reflected cross-site scripting vulnerability in the handling of the sort parameter for the /admin/conferences/list/ endpoint. This can be triggered remotely and has been publicly disclosed. Public references indicate multiple corroborat...

5.4CVSS4.6AI score0.00577EPSS
Web
CVE
CVE
added 2022/06/29 4:15 p.m.55 views

CVE-2017-20116

CVE-2017-20116 affects TrueConf Server 4.3.7. Vulnerability in the /admin/group/list/ endpoint (parameter checked_group_id) allows remote, reflected XSS due to insufficient input sanitization. Exploitation publicly disclosed. In practice, upgrading to TrueConf Server 5.0.2+ (or applying vendor-pr...

5.4CVSS4.6AI score0.00577EPSS
Web
CVE
CVE
added 2022/06/29 4:15 p.m.55 views

CVE-2017-20117

CVE-2017-20117 affects TrueConf Server 4.3.7. The vulnerability exists in the /admin/group functionality and is a cross-site scripting (DOM XSS) flaw caused by improper handling of inputs, exploitable remotely. Several sources confirm that the vulnerability can be triggered by an attacker to exec...

5.4CVSS4.6AI score0.00577EPSS
CVE
CVE
added 2022/06/29 4:15 p.m.54 views

CVE-2017-20118

CVE-2017-20118 affects TrueConf Server 4.3.7. The vulnerability is a DOM-based cross-site scripting issue in the /admin/conferences/list/ endpoint caused by manipulation of the domxss argument. It can be exploited remotely and has been publicly disclosed (exploits exist). Affected versions are 4....

5.4CVSS4.5AI score0.00577EPSS
Web
CVE
CVE
added 2022/06/29 4:15 p.m.52 views

CVE-2017-20114

TrueConf Server 4.3.7 contains a reflected cross-site scripting vulnerability in /admin/conferences/get-all-status/ caused by unsanitized keys[] input. The issue can be exploited remotely and an exploit has been disclosed publicly (referenced in multiple sources). Public-enabling details include ...

5.4CVSS4.7AI score0.00577EPSS
Web