Tripleplay Security Vulnerabilities and Issues — Tripleplay CVE List

Lucene search

UniguestTripleplay

7 matches found

CVE•added 2025/03/04 4:15 p.m.•53 views

CVE-2024-50707

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request.

10CVSS8.2AI score0.00477EPSS

CVE•added 2025/03/04 4:15 p.m.•46 views

CVE-2024-50704

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request.

10CVSS8.1AI score0.00261EPSS

CVE•added 2023/04/19 12:15 p.m.•44 views

CVE-2023-26599

XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link.

6.1CVSS5.8AI score0.00368EPSS

CVE•added 2023/04/19 12:15 p.m.•39 views

CVE-2023-25759

OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload.

5.4CVSS5.7AI score0.01206EPSS

CVE•added 2023/04/19 12:15 p.m.•39 views

CVE-2023-25760

Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload

8.8CVSS8.2AI score0.00228EPSS

CVE•added 2025/03/04 3:15 p.m.•37 views

CVE-2024-50706

Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database.

9.8CVSS9.9AI score0.00147EPSS

CVE•added 2025/03/04 3:15 p.m.•31 views

CVE-2024-50705

Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter.

7.1CVSS6AI score0.00039EPSS