sysentr0py/CVEs

sysentr0py/CVEs

Releases0

Stars1

CVEs found during penetration testing activities.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-42901 ↗	Sep 3, 2024Tuesday, 3 September 2024, 18:15	4.8 MEDIUM	—
A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file.
CVE-2024-42902 ↗	Sep 3, 2024Tuesday, 3 September 2024, 18:15	8.8 HIGH	—
An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php function
CVE-2024-42903 ↗	Sep 3, 2024Tuesday, 3 September 2024, 18:15	6.5 MEDIUM	—
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain.
CVE-2024-42904 ↗	Sep 3, 2024Tuesday, 3 September 2024, 18:15	6.1 MEDIUM	—
A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php.
CVE-2024-37829 ↗	Jul 9, 2024Tuesday, 9 July 2024, 21:15	8.8 HIGH	—
An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user interaction with a crafted magic sign-in link.
CVE-2024-39063 ↗	Jul 9, 2024Tuesday, 9 July 2024, 20:15	8.8 HIGH	—
Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). The YII_CSRF_TOKEN is only checked when passed in the body of POST requests, but the same check isn't performed in the equivalent GET requests.
CVE-2024-37830 ↗	Jul 9, 2024Tuesday, 9 July 2024, 20:15	6.1 MEDIUM	—
An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie.