herombey/Disclosures

Releases0

Vulnerability Disclosures

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-37846 ↗	Oct 25, 2024Friday, 25 October 2024, 19:15	4.6 MEDIUM	—
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.
CVE-2024-37847 ↗	Oct 25, 2024Friday, 25 October 2024, 19:15	8.8 HIGH	—
An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file.
CVE-2024-37844 ↗	Oct 25, 2024Friday, 25 October 2024, 19:15	5.4 MEDIUM	—
A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-37845 ↗	Oct 25, 2024Friday, 25 October 2024, 19:15	7.2 HIGH	—
MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature.