PyPI package
freetakserver-ui
pkg:pypi/freetakserver-ui
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-25512 | — | | | <= 1.9.8 | — | Mar 10, 2022 | FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys. |
| CVE-2022-25511 | — | | | <= 1.9.8 | — | Mar 10, 2022 | An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system. |
| CVE-2022-25507 | — | | | <= 1.9.8 | — | Mar 10, 2022 | FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter. |
| CVE-2022-25506 | — | | | <= 1.9.8 | — | Mar 10, 2022 | FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser. |